The Exiv2::PngImage::printStructure function in pngimage.cpp allows remote attackers to cause an information leak via a crafted file.
-Gentoo Security Padawan-
This is still pending upstream and has been recently marked as a TODO item for 0.27.
Closed as not reproducible: https://github.com/Exiv2/exiv2/issues/307#issuecomment-422579116
This should also be fixed since disabling printStructure() in https://github.com/Exiv2/exiv2/pull/180 (bug 647810, media-gfx/exiv2-0.26_p20180811-r2).
Cleanup/KDE done here.
Arches and Maintainer(s), Thank you for your work.
New GLSA Request filed.
This issue was resolved and addressed in
GLSA 201811-14 at https://security.gentoo.org/glsa/201811-14
by GLSA coordinator Aaron Bauman (b-man).