A flaw was found in Exiv2 0.26, function Exiv2::Image::byteSwap2 in image.cpp file has a heap-based buffer over-read. This allows attackers to cause a denial of service attack. References: https://bugzilla.redhat.com/show_bug.cgi?id=1575201
Created exiv2 tracking bugs for this issue: Affects: fedora-all [bug 1577321]
Closing as NOTABUG. The POC doesn't reach the byteSwap2 function. The reporter said that the POC was for Ubuntu 16.04, not RHEL.