In Exiv2 0.26, there is an out-of-bounds read in Exiv2::Internal::binaryToString in image.cpp. It could result in denial of service or information disclosure.
An out-of-bound read has been found in Exiv2 in the way binary bytes are converted to string An attacker could potentially use this flaw to crash the Exiv2 CLI utility program by tricking it into processing a crafted TIFF image ...