In Exiv2 0.26, there is a stack out-of-bounds read in JPEG2000 parser. A crafted input will lead to a denial of service attack. References: http://www.openwall.com/lists/oss-security/2017/06/30/1 Upstream issue: https://github.com/Exiv2/exiv2/issues/177
Created exiv2 tracking bugs for this issue: Affects: fedora-all [bug 1475370]