Gluck-Pwn

#46074 of 53,634
5.5 CVSS total
Vulnerabilities · 1
PT-2025-35224
5.5
2025-01-01
Exiv2 · Exiv2 · CVE-2025-55304
**Name of the Vulnerable Software and Affected Versions**
Exiv2 versions prior to 0.28.6

**Description**
Exiv2 is a C++ library and a command-line utility used to read, write, delete, and modify image metadata (Exif, IPTC, XMP, and ICC). A denial-of-service issue was identified in the ICC profile parsing code within the `jpegBase::readMetadata()` function. This issue stems from a quadratic algorithm that can cause prolonged execution times when processing crafted JPG image files. The denial-of-service is triggered when Exiv2 attempts to read the metadata of a specially crafted JPG image.

**Recommendations**
Update to Exiv2 version 0.28.6 or later.