There is a Mismatched Memory Management Routines vulnerability in the Exiv2::FileIo::seek function of Exiv2 0.26 that will lead to a denial of service attack (heap memory corruption) via crafted input. Product bug: https://bugzilla.redhat.com/show_bug.cgi?id=1473889
Created exiv2 tracking bugs for this issue: Affects: fedora-all [bug 1475370]
Upstream Issue: https://github.com/Exiv2/exiv2/issues/56