There is an invalid free in Image::printIFDStructure that leads to a Segmentation fault in Exiv2 0.26. A crafted input will lead to a remote denial of service attack. References: https://bugzilla.redhat.com/show_bug.cgi?id=1465061
Red Hat is not upstream for this.
Our snapshot of 0.26 is not vulnerable to this particular bug.
GLSA Vote: No