A flaw was found in Exiv2 0.26, there is an out-of-bounds read in Exiv2::Internal::binaryToString in image.cpp. This could result in a denial of service or information disclosure.
Created exiv2 tracking bugs for this issue:
Affects: fedora-all [bug 1564279]
This issue did not affect the versions of Exiv2 as shipped with Red Hat Enterprise Linux 6 and 7.