In Exiv2 0.26, there is a segmentation fault caused by uncontrolled recursion in the Exiv2::Image::printIFDStructure function in the image.cpp file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted tif file. External References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5772 Upstream Issue: https://github.com/Exiv2/exiv2/issues/216 Upstream Patch: https://github.com/Exiv2/exiv2/files/1643286/printStructureFixes.txt
Created exiv2 tracking bugs for this issue: Affects: fedora-all [bug 1536905]
Statement: This issue did not affect the versions of exiv2 as shipped with Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7.