In Jp2Image::readMetadata() in jp2image.cpp in Exiv2 0.27.2, an input file can result in an infinite loop and hang, with high CPU consumption. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file.
Created exiv2 tracking bugs for this issue:
Affects: fedora-all [bug 1800473]
The flaw seems to be introduced in exiv2 upstream version v0.27.2 after commit https://github.com/Exiv2/exiv2/commit/edb4bf78ca5820f2c7a852c8f2df11e6aba45704.
This commit added a new check in function MemIo::seek() in basicio.cpp which made it possible to return without setting variable p_->idx_, thus causing the infinite loop in the calling function Jp2Image::readMetadata() in jp2image.cpp.
This flaw did not affect the versions of exiv2 as shipped with Red Hat Enterprise Linux 6, 7, and 8 as they did not include the vulnerable code, which was introduced in a later version of the library.
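A simplified model of the failure mode described in the comments above, added here as an illustration (it is not Exiv2's code and not part of the original report): a seek that returns an error without moving the position, and a caller loop that ignores the return value, next to one that checks it. `MemReader`, `walk_boxes`, the 8-byte box header layout and the sample buffers are assumptions constructed for the example.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

// Simplified in-memory reader (hypothetical; not Exiv2's MemIo).
struct MemReader {
    const std::vector<uint8_t>& buf;
    size_t idx;
    explicit MemReader(const std::vector<uint8_t>& b) : buf(b), idx(0) {}
    // As in the behaviour described above: an out-of-range target makes
    // seek() return an error and leave idx unchanged.
    int seek(uint64_t pos) {
        if (pos > buf.size()) return 1;
        idx = static_cast<size_t>(pos);
        return 0;
    }
};

enum class Walk { Done, Rejected, Stalled };
struct Result { Walk status; size_t iterations; };

// Walks boxes laid out as: 4-byte big-endian length, 4-byte type, payload.
// check_seek=false models a caller that ignores seek()'s return value.
// max_iter exists only so the demonstration terminates.
Result walk_boxes(const std::vector<uint8_t>& buf, bool check_seek, size_t max_iter) {
    MemReader r(buf);
    size_t n = 0;
    while (r.idx + 8 <= buf.size()) {
        if (n == max_iter) return {Walk::Stalled, n};
        ++n;
        const size_t start = r.idx;
        const uint32_t len = (uint32_t(buf[start]) << 24) | (uint32_t(buf[start + 1]) << 16) |
                             (uint32_t(buf[start + 2]) << 8) | uint32_t(buf[start + 3]);
        const int rc = r.seek(uint64_t(start) + len);
        // Hardened caller: stop on a failed seek or on no forward progress.
        if (check_seek && (rc != 0 || r.idx <= start)) return {Walk::Rejected, n};
    }
    return {Walk::Done, n};
}

// Constructed inputs: two well-formed boxes, and one whose second box
// declares a length far beyond the end of the buffer.
const std::vector<uint8_t> kGood = {0,0,0,8,'a','b','c','d', 0,0,0,12,'e','f','g','h',1,2,3,4};
const std::vector<uint8_t> kBad  = {0,0,0,8,'a','b','c','d', 0xFF,0xFF,0xFF,0xFF,'e','f','g','h'};

int main() {
    Result unchecked = walk_boxes(kBad, false, 1000);  // Stalled after 1000 iterations
    Result checked = walk_boxes(kBad, true, 1000);     // Rejected on iteration 2
    return (unchecked.status == Walk::Stalled && checked.status == Walk::Rejected) ? 0 : 1;
}
```

The progress check (`r.idx <= start`) also covers a declared length of zero, where the seek succeeds but the position does not advance.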
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2020:1577 https://access.redhat.com/errata/RHSA-2020:1577