EPSS Percentile: 38.1%
libexiv2.so is vulnerable to denial of service (DoS). An attacker can supply a malicious PNG file to PngImage::readMetadata() in pngimage.cpp to trigger a heap-based buffer overflow, which results in a denial of service condition.
bugzilla.suse.com/show_bug.cgi?id=1143280
github.com/Exiv2/exiv2/commit/fa7223d103e763fba7bfd2aa71814e291cc8b511#diff-3cdf312c2a771ea48fc0089e9d30d5e5R117
github.com/Exiv2/exiv2/issues/953
lists.debian.org/debian-lts-announce/2023/01/msg00004.html