A flaw was found in Exiv2 0.26, an out-of-bounds read in IptcData::printStructure in iptc.c could result in a crash or information leak, related to the "!= 0x1c" case. References: https://github.com/Exiv2/exiv2/issues/263 https://github.com/xiaoqx/pocs/blob/master/exiv2/readme.md
Created exiv2 tracking bugs for this issue: Affects: fedora-all [bug 1566727]
I believe this CVE is a duplicate of CVE-2017-17724 (https://bugzilla.redhat.com/show_bug.cgi?id=1545237).
Closing as MITRE has rejected CVE-2018-9306 as a duplicate of CVE-2017-17724 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9306).
Statement: This flaw was found to be a duplicate of CVE-2017-17724. Please see https://access.redhat.com/security/cve/CVE-2017-17724 for information about affected products and security errata.
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:1577 https://access.redhat.com/errata/RHSA-2020:1577