There is a heap-based buffer over-read in Exiv2::Jp2Image::encodeJp2Header of jp2image.cpp in Exiv2 0.27-RC3. A crafted input will lead to a denial of service attack.
Created exiv2 tracking bugs for this issue:
Affects: fedora-all [bug 1660427]
Created mingw-exiv2 tracking bugs for this issue:
Affects: fedora-all [bug 1660428]
This issue affects the versions of exiv2 as shipped with Red Hat Enterprise Linux 6. Red Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Low, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.
This issue affects the versions of exiv2 as shipped with Red Hat Enterprise Linux 7. Red Hat Product Security has rated this issue as having a security impact of Low. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.