A stack exhaustion issue in the printIFDStructure function of Exiv2 0.27 allows remote attackers to cause a denial of service (DOS) via a crafted file. Upstream Issue: https://github.com/Exiv2/exiv2/issues/741
Created exiv2 tracking bugs for this issue: Affects: fedora-all [bug 2002680] Created mingw-exiv2 tracking bugs for this issue: Affects: fedora-all [bug 2002679]
Patch: https://github.com/Exiv2/exiv2/pull/558
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:1797 https://access.redhat.com/errata/RHSA-2022:1797
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:1842 https://access.redhat.com/errata/RHSA-2022:1842
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-18898