Tags: patch security upstream
The following vulnerability was published for exiv2.
| Exiv2 0.26 has a Null Pointer Dereference in the
| Exiv2::DataValue::toLong function in value.cpp, related to crafted
| metadata in a TIFF file.
The underlying issue according to  is that the code is trying to
print a value in the if statement:
if (Params::instance().printItems_ & Params::prValue)
when this might not be possible. Fix is done via .
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
Please adjust the affected versions in the BTS as needed, please
double check my assessment for it back to 0.24-1 is done right.
The poc does not trigger, if I'm not completely wrong the affected
code is there.