PT-2017-19377 · Exiv2 · Exiv2

Published: 2017-12-13 · Updated: 2017-12-13

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Exiv2 version 0.26

Description: A heap-based buffer over-read exists in the Exiv2::Internal::PngChunk::keyTXTChunk function in pngchunk_int.cpp. It can be triggered by a crafted PNG file and potentially leads to a remote denial of service.

Recommendations: For Exiv2 version 0.26, consider disabling use of the Exiv2::Internal::PngChunk::keyTXTChunk function until a patch is available, and restrict which inputs reach PNG handling to minimize the risk of exploitation.
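The advisory does not detail the exact fault in keyTXTChunk, but a keyword scan in a PNG text chunk that runs past the chunk's declared length is the classic way such an over-read arises. The following is an added example, not Exiv2's code, of the bounds-checked chunk handling a defender would expect; chunk layout (big-endian length, type, data, CRC) and the 1..79 byte keyword rule come from the PNG specification, and the sample chunk bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Keyword extracted from a PNG text chunk body; key points into the data. */
typedef struct {
    int ok;          /* 1 if a NUL-terminated keyword lies inside data_len bytes */
    size_t key_len;  /* keyword length, excluding the NUL separator */
    const char *key;
} png_text_key;
/* Bounds-checked keyword extraction for tEXt/zTXt/iTXt bodies. PNG requires a
   1..79 byte keyword plus a NUL separator, both inside the declared length.
   memchr stops at data_len, so a crafted body with no separator is rejected
   rather than scanned past the end of the heap buffer. */
png_text_key png_text_keyword(const uint8_t *data, size_t data_len) {
    png_text_key r = {0, 0, NULL};
    if (data == NULL || data_len == 0) return r;
    const uint8_t *nul = memchr(data, '\0', data_len);
    if (nul == NULL) return r;                 /* separator missing: reject */
    size_t len = (size_t)(nul - data);
    if (len == 0 || len > 79) return r;        /* outside the spec's 1..79 */
    r.ok = 1; r.key_len = len; r.key = (const char *)data;
    return r;
}
/* Validate one chunk header (4-byte big-endian length, 4-byte type) against
   the bytes actually present, so the data and CRC reads that follow stay in
   bounds. Returns 1 and sets *out_len/*out_data, or 0 for a truncated chunk. */
int png_chunk_bounds(const uint8_t *buf, size_t buf_len,
                     uint32_t *out_len, const uint8_t **out_data) {
    if (buf_len < 12) return 0;                /* length(4) + type(4) + crc(4) */
    uint32_t len = ((uint32_t)buf[0] << 24) | ((uint32_t)buf[1] << 16) |
                   ((uint32_t)buf[2] << 8)  |  (uint32_t)buf[3];
    if (len > 0x7FFFFFFFu || len > buf_len - 12) return 0;
    *out_len = len;
    *out_data = buf + 8;
    return 1;
}
int main(void) {
    /* constructed chunk: length 9, type tEXt, body "Comment\0hi", dummy CRC */
    static const uint8_t chunk[] = {0,0,0,9, 't','E','X','t',
        'C','o','m','m','e','n','t',0,'h','i', 0,0,0,0};
    uint32_t len; const uint8_t *data;
    if (!png_chunk_bounds(chunk, sizeof chunk, &len, &data)) return 1;
    png_text_key k = png_text_keyword(data, len);
    printf("keyword ok=%d len=%zu\n", k.ok, k.key_len);          /* ok=1 len=7 */
    /* constructed malformed body: 9 bytes, no NUL separator */
    printf("malformed ok=%d\n", png_text_keyword((const uint8_t *)"NoNulHere", 9).ok);
    return 0;
}
```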


Related Identifiers

PYSEC-2017-140

Affected Products

Exiv2