Low kevinbackhouse

#33061 of 53,635
7.8 Total CVSS
Vulnerabilities · 1
PT-2021-8244
7.8
2021-04-20
Exiv2 · Exiv2 · CVE-2021-29464
**Name of the Vulnerable Software and Affected Versions**

Exiv2 versions v0.27.3 and earlier

**Description**

A heap buffer overflow was found in Exiv2 when used to write metadata into a crafted image file. This could potentially allow an attacker to gain code execution if they can trick the victim into running Exiv2 on a crafted image file. The bug is only triggered when writing metadata, which is a less frequently used operation than reading metadata. For example, to trigger the bug in the Exiv2 command-line application, an extra command-line argument such as `insert` is needed.

**Recommendations**

For Exiv2 versions v0.27.3 and earlier, update to version v0.27.4 to resolve the issue. As a temporary workaround, consider avoiding the use of the `insert` command-line argument or any other operation that triggers metadata writing until the update is applied. Restrict access to potentially crafted image files to minimize the risk of exploitation.