A flaw was found in Exiv2 0.26, there is a integer wraparound in the
Exiv2::Image::printIFDStructure function, leading to a heap-based buffer
over-read in the Exiv2::Image::byteSwap4 function in image.cpp. Remote
attackers can exploit this vulnerability to disclose memory data or cause a
denial of service via a crafted TIFF file.
Created exiv2 tracking bugs for this issue:
Affects: fedora-all [bug 1545250]
This issue did not affect the versions of Exiv2 as shipped with Red Hat Enterprise Linux 6 and 7.