Name of the Vulnerable Software and Affected Versions Exiv2 version 0.27.99.0

Description The issue allows attackers to cause a denial of service, specifically a heap-based buffer over-read, by utilizing a crafted image file. This is related to the Exiv2::PngImage::readMetadata() function in the pngimage.cpp file.

Recommendations For Exiv2 version 0.27.99.0, consider avoiding the use of the Exiv2::PngImage::readMetadata() function until a patch is available. As a temporary workaround, restrict the processing of image files from untrusted sources to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.