Ubuntu Security Notice 478-1 - Sean Larsson discovered that libexif did not correctly verify the size of EXIF components. By tricking a user into opening an image with specially crafted EXIF headers, a remote attacker could cause the application using libexif to execute arbitrary code with user privileges.
b743d41bc125e30e6d81088f373eb1a64c75a1b7e57fa959a67a6e595852bedf