CVE-2018-16336

Name of the Vulnerable Software and Affected Versions: Exiv2 version 0.26

Description: The issue is related to a heap-based buffer over-read in the Exiv2::Internal::PngChunk::parseTXTChunk function, which can be exploited by remote attackers using a crafted image file to cause a denial of service. This is a result of a buffer over-read vulnerability in the Exiv2 library for media file metadata management.

Recommendations: For Exiv2 version 0.26, consider disabling the Exiv2::Internal::PngChunk::parseTXTChunk function as a temporary workaround until a patch is available. Restrict access to handling crafted image files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.