A flaw was found in Exiv2 0.26, an out-of-bounds read in IptcData::printStructure in iptc.c could result in a crash or information leak, related to the "!= 0x1c" case.
Created exiv2 tracking bugs for this issue:
Affects: fedora-all [bug 1566727]
I believe this CVE is a duplicate of CVE-2017-17724 (https://bugzilla.redhat.com/show_bug.cgi?id=1545237).
Closing as MITRE has rejected CVE-2018-9306 as a duplicate of CVE-2017-17724 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9306).
This flaw was found to be a duplicate of CVE-2017-17724. Please see https://access.redhat.com/security/cve/CVE-2017-17724 for information about affected products and security errata.
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2020:1577 https://access.redhat.com/errata/RHSA-2020:1577