A flaw was found in Exiv2 0.26. An infinite loop in Exiv2::PsdImage::readMetadata in psdimage.cpp in the PSD image reader. This could lead to a denial of service caused by an integer overflow via a crafted PSD image file.
Created exiv2 tracking bugs for this issue:
Affects: fedora-all [bug 1649102]
This issue affects the versions of exiv2 as shipped with Red Hat Enterprise Linux 6. Red Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Low, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.
This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Via RHSA-2019:2101 https://access.redhat.com/errata/RHSA-2019:2101
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):