There is a reachable assertion in the Internal::TiffReader::visitDirectory function in tiffvisitor.cpp of Exiv2 0.26 that will lead to a remote denial of service attack via crafted input.
Fixed in >=media-gfx/exiv2-0.26_p20171018.
Cleanup done in git commit cdb23e8b3608be50daebdeb5d904b179a58d8339
New GLSA request filed.
Gentoo Security Padawan
Downgrading to B3, DoS only.
Repository is clean, all done.