The Exiv2::Jp2Image::readMetadata function in jp2image.cpp in Exiv2 0.26 allows remote attackers to cause a denial of service (excessive memory allocation) via a crafted file. Upstream Issue: https://github.com/Exiv2/exiv2/issues/202
Created exiv2 tracking bugs for this issue: Affects: fedora-all [bug 1531729]
Upstream patch: https://github.com/Exiv2/exiv2/commit/9cddfa514d4fddf7a5f93be74dae2e93d9722204
A big allocation, caused by not enough checks, is present in Jp2Image::readMetadata() when the box type is Jp2Header and the subBox is ColorHeader.
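The kind of length check that the comment above describes as missing, shown as an added example; this is not Exiv2 code or the upstream patch. It walks JP2 boxes in an in-memory buffer and refuses a `colr` sub-box whose declared length exceeds the bytes actually present. All function names and the sample file are constructed for illustration, and only plain 32-bit box lengths are handled.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

// Added illustration, not Exiv2 code. All names below are hypothetical.
enum class Result { Ok, NotFound, Corrupt };

static const uint32_t kJp2Header = 0x6a703268;   // box type 'jp2h'
static const uint32_t kColorHeader = 0x636f6c72; // box type 'colr'

// Read a big-endian 32-bit value; the caller guarantees off + 4 <= b.size().
static uint32_t be32(const std::vector<uint8_t>& b, size_t off) {
    return (uint32_t(b[off]) << 24) | (uint32_t(b[off + 1]) << 16) |
           (uint32_t(b[off + 2]) << 8) | uint32_t(b[off + 3]);
}

// Walk boxes in [pos, end). On a 'colr' sub-box of 'jp2h', copy its payload.
static Result walk(const std::vector<uint8_t>& f, size_t pos, size_t end,
                   bool inHeader, std::vector<uint8_t>& out) {
    while (end - pos >= 8) {
        const uint32_t len = be32(f, pos);
        const uint32_t type = be32(f, pos + 4);
        // The check: the declared length must cover the 8-byte box header and
        // must not exceed the bytes left in the enclosing box or file.
        // (Lengths 0 and 1 have special meanings in JP2; rejected here.)
        if (len < 8 || len > end - pos) return Result::Corrupt;
        if (!inHeader && type == kJp2Header)
            return walk(f, pos + 8, pos + len, true, out);
        if (inHeader && type == kColorHeader) {
            // The allocation is now bounded by the real input size.
            out.assign(f.begin() + pos + 8, f.begin() + pos + len);
            return Result::Ok;
        }
        pos += len;
    }
    return Result::NotFound;
}

Result readColorHeader(const std::vector<uint8_t>& f, std::vector<uint8_t>& out) {
    return walk(f, 0, f.size(), false, out);
}

// Constructed sample: a 19-byte 'jp2h' box holding one 'colr' sub-box with
// 3 payload bytes; colrLen is the length field written into the sub-box.
std::vector<uint8_t> sampleFile(uint32_t colrLen) {
    return {0, 0, 0, 19, 'j', 'p', '2', 'h',
            uint8_t(colrLen >> 24), uint8_t(colrLen >> 16),
            uint8_t(colrLen >> 8), uint8_t(colrLen), 'c', 'o', 'l', 'r', 1, 0, 0};
}
```

Without the `len > end - pos` test, a length field taken directly from the file would size the buffer regardless of how small the input is.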
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:1577 https://access.redhat.com/errata/RHSA-2020:1577
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2018-4868