A buffer overflow vulnerability in the Databuf function in types.cpp of Exiv2 v0.27.1 leads to a denial of service (DOS). References: https://github.com/Exiv2/exiv2/issues/980
Created exiv2 tracking bugs for this issue: Affects: fedora-all [bug 1988981]
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-19716
Flaw summary: In rafimage.cpp, Exiv2::DataBuf::DataBuf() attempts to allocate (via `new`) a buffer of `size`. As `size` is controlled by an input file, it could be too large in which case it will either cause a giant allocation or failure, resulting in NULL pointer. There is no check for NULL prior to calling std::memcpy() and attempting to write data to the buffer. This could lead to a crash of the application linked with the exiv2 library.