There is a heap-based buffer overflow in the Exiv2::l2Data function of types.cpp in Exiv2 0.26. A crafted input will lead to a denial of service attack.
Debian Bug report logs - #897134
CVE-2017-14858
Package: exiv2
Maintainer for exiv2 is Debian KDE Extras Team <pkg-kde-extras@lists.alioth.debian.org>; Source for exiv2 is src:exiv2
Reported by: Moritz Muehlenhoff <jmm@debian.org>
Date: Sat, 28 Apr 2018 20:45:02 UTC
Severity: important
Tags: s ...