QID 671123

A command line utility to access image metadata, allowing one to: * print the exif metadata of jpeg images as summary info, interpreted values,or the plain data for each tag * print the iptc metadata of jpeg images * print the jpeg comment of jpeg images * set, add and delete exif and iptc metadata of jpeg images * adjust the exif timestamp (thats how it all started...) * rename exif image files according to the exif timestamp * extract, insert and delete exif metadata (including thumbnails),iptc metadata and jpeg comments security fix(es): exiv2 0.26 has a heap-based buffer over-read in webpimage::decodechunks in webpimage.cpp.(cve-2018-14046) there is a heap-based buffer over-read in the exiv2::texttodatabuf function of pngimage.cpp in exiv2 0.27-rc3.
A crafted input will lead to a remote denial of service attack.(cve-2018-20096) there is a heap-based buffer over-read in exiv2::jp2image::encodejp2header of jp2image.cpp in exiv2 0.27-rc3.
A crafted input will lead to a remote denial of service attack.(cve-2018-20098) there is an infinite loop in exiv2::jp2image::encodejp2header of jp2image.cpp in exiv2 0.27-rc3.
Readmetadata in jp2image.cpp allows remote attackers to cause a denial of service (sigabrt) by triggering an incorrect safe::add call.(cve-2018-10998) an issue was discovered in exiv2 0.26.
The function exiv2::datavalue::copy in value.cpp has a null pointer dereference.(cve-2018-17282) exiv2 0.26 contains a stack out of bounds read in webp parser(cve-2017-1000126) in exiv2 0.26, there is a heap-based buffer over-read in the exiv2::image::byteswap4 function in image.cpp.

Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.

An arbitrary attacker may exploit this vulnerability to compromise the system.