libexif is vulnerable to denial of service (DoS). An attacker is able to upload a malicious JPEG file to cause a NULL Pointer Deference in the “actions.c”, leading to an application crash.
github.com/libexif/exif/commit/eb84b0e3c5f2a86013b6fcfb800d187896a648fa
github.com/libexif/exif/commit/f6334d9d32437ef13dc902f0a88a2be0063d9d1c
github.com/libexif/exif/issues/4
lists.fedoraproject.org/archives/list/[email protected]/message/JSWAXZVNXYLV3E4R6YQTEGRGMGWEAR76/
lists.fedoraproject.org/archives/list/[email protected]/message/QMC6OTXZRPCUD3LOSWO4ISR7CH7NJQDT/
lists.fedoraproject.org/archives/list/[email protected]/message/YZQ3L45F7S7PQPG5HEHXOCGNOO64MJOS/