An issue was discovered in Exiv2 0.27. There is infinite recursion at Exiv2::Image::printTiffStructure in the file image.cpp. This can be triggered by a crafted file. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9143
Reference (s):
- BID:107161
- URL: http://www.securityfocus.com/bid/107161
- https://github.com/Exiv2/exiv2/issues/711
- https://research.loginsoft.com/bugs/uncontrolled-recursion-loop-in-exiv2imageprinttiffstructure-exiv2-0-27/