A vulnerability, which was classified as critical, has been found in Exiv2. Affected by this issue is the function BmffImage::boxHandler of the file bmffimage.cpp. The manipulation leads to memory corruption. The attack may be launched remotely. The name of the patch is a58e52ed702d3bc7b8bab7ec1d70a4849eebece3. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-212348. https://vuldb.com/?id.212348 https://github.com/Exiv2/exiv2/commit/a58e52ed702d3bc7b8bab7ec1d70a4849eebece3
Created exiv2 tracking bugs for this issue: Affects: fedora-35 [bug 2141916] Affects: fedora-36 [bug 2141918] Created mingw-exiv2 tracking bugs for this issue: Affects: fedora-35 [bug 2141917] Affects: fedora-36 [bug 2141919]
This is a CVE for a new code that's in unreleased exiv2 and therefore our packages are not affected.