A vulnerability, which was classified as critical, has been found in Exiv2. Affected by this issue is the function BmffImage::boxHandler of the file bmffimage.cpp. The manipulation leads to memory corruption. The attack may be launched remotely. The name of the patch is a58e52ed702d3bc7b8bab7ec1d70a4849eebece3. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-212348.
Created exiv2 tracking bugs for this issue:
Affects: fedora-35 [bug 2141916]
Affects: fedora-36 [bug 2141918]
Created mingw-exiv2 tracking bugs for this issue:
Affects: fedora-35 [bug 2141917]
Affects: fedora-36 [bug 2141919]
This is a CVE for a new code that's in unreleased exiv2 and therefore our packages are not affected.