It was found that specially crafted XIF_IFD_INTEROPERABILITY and EXIF_IFD_EXIF tags could be used for a denial of service. References: https://seclists.org/bugtraq/2018/Dec/31
Created libexif tracking bugs for this issue: Affects: fedora-all [bug 1663879]
Upstream patch: https://github.com/libexif/libexif/commit/6aa11df549114ebda520dde4cdaea2f9357b2c89
External References: https://seclists.org/bugtraq/2018/Dec/31
Function exif_data_load_data_content() in exif-data.c recursively calls itself when EXIF_TAG_EXIF_IFD_POINTER, EXIF_TAG_INTEROPERABILITY_IFD_POINTER or EXIF_TAG_GPS_INFO_IFD_POINTER tags are found. A specially crafted file may abuse this recursion by making the program waste a lot of time on it.