An issue was found in Exiv2 v0.27-RC2. A NULL pointer dereference in Exiv2::isoSpeed in easyaccess.cpp allows remote attackers to cause a denial of service via a crafted file.
References:
https://github.com/Exiv2/exiv2/issues/561
Created exiv2 tracking bugs for this issue:
Affects: fedora-all [bug 1656196]
Patch: https://github.com/Exiv2/exiv2/commit/6e42c1b55e0fc4f360cc56010b0ffe19aa6062d9
Statement: This issue affects the versions of exiv2 as shipped with Red Hat Enterprise Linux 7. This issue did not affect the versions of exiv2 as shipped with Red Hat Enterprise 6.
This issue has been addressed in the following products:
  Red Hat Enterprise Linux 7
Via RHSA-2019:2101 https://access.redhat.com/errata/RHSA-2019:2101
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2018-19607
This issue has been addressed in the following products:
  Red Hat Enterprise Linux 8
Via RHSA-2020:1577 https://access.redhat.com/errata/RHSA-2020:1577