PT-2021-4547 · Exiv2 +9
Guilherme De Almeida Suckevicz +1 · Published 2021-04-05 · Updated 2025-01-10 · CVE-2021-3482
6.5 Medium
Base vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
Name of the Vulnerable Software and Affected Versions:
Exiv2 versions prior to 0.27.4-RC1
Description:
The issue is related to the `Jp2Image::readMetadata()` function in the `jp2image.cpp` component of the Exiv2 library, which is used for managing media file metadata. The problem arises from improper input validation of the `rawData.size` property. This can lead to a heap-based buffer overflow when a specially crafted JPG image containing malicious EXIF data is processed. As a result, a remote attacker could potentially gain access to confidential data and cause a denial of service.
Recommendations:
For Exiv2 versions prior to 0.27.4-RC1, consider updating to a version later than 0.27.4-RC1 to resolve the issue.
As a temporary workaround, consider restricting the use of the `Jp2Image::readMetadata()` function in `jp2image.cpp` until a patch is available.
Avoid using the `rawData.size` property in the affected `Jp2Image::readMetadata()` function until the issue is resolved.
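The affected-version range above can be applied to a software inventory with a check like the following. This is an added example, not code from the advisory or from the Exiv2 project; the function names and the sample inventory are assumptions, and a release candidate is assumed to sort before the final release of the same number.

```python
import re

# Threshold from the advisory: versions prior to 0.27.4-RC1 are affected.
FIXED_IN = "0.27.4-RC1"

_VERSION_RE = re.compile(r"^(\d+(?:\.\d+)*)(?:[-_.~]?rc(\d+))?$", re.IGNORECASE)


def parse_version(text):
    """Return a sortable key for strings such as '0.27.3' or '0.27.4-RC1'."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Exiv2 version string: {text!r}")
    nums = [int(p) for p in m.group(1).split(".")]
    nums += [0] * (4 - len(nums))  # '0.27.4' and '0.27.4.0' compare equal
    # A release candidate sorts before the final release of the same number.
    stage = (0, int(m.group(2))) if m.group(2) is not None else (1, 0)
    return (tuple(nums), stage)


def classify(installed):
    """Classify one installed version against the advisory's threshold."""
    key, fixed = parse_version(installed), parse_version(FIXED_IN)
    if key < fixed:
        return "affected"         # inside the listed vulnerable range
    if key == fixed:
        return "upgrade-advised"  # the advisory recommends a later version
    return "ok"


def audit(inventory):
    """Map host -> status for a {host: version} inventory."""
    report = {}
    for host, version in inventory.items():
        try:
            report[host] = classify(version)
        except ValueError:
            report[host] = "unknown"  # review manually, do not assume safe
    return report


# Constructed sample inventory; host names and versions are illustrative.
SAMPLE = {"img-worker-1": "0.27.3", "img-worker-2": "0.27.4-RC1",
          "thumb-svc": "0.27.4", "legacy-box": "custom-build"}

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {SAMPLE[host]} -> {status}")
```

Hosts reported as `unknown` carry a version string the parser does not recognise and should be checked by hand.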
Fix
RCE
Memory Corruption
Buffer Overflow