Exiv2 0.26 has integer overflows in LoaderTiff::getData() in preview.cpp, leading to an out-of-bounds read in Exiv2::ValueType::setDataArea in value.hpp.
{ "binaries": [ { "binary_version": "0.25-2.1ubuntu16.04.2", "binary_name": "exiv2" }, { "binary_version": "0.25-2.1ubuntu16.04.2", "binary_name": "libexiv2-14" }, { "binary_version": "0.25-2.1ubuntu16.04.2", "binary_name": "libexiv2-dev" } ], "availability": "No subscription required" }
{ "binaries": [ { "binary_version": "0.25-3.1ubuntu0.18.04.1", "binary_name": "exiv2" }, { "binary_version": "0.25-3.1ubuntu0.18.04.1", "binary_name": "libexiv2-14" }, { "binary_version": "0.25-3.1ubuntu0.18.04.1", "binary_name": "libexiv2-dev" } ], "availability": "No subscription required" }