Several vulnerabilities have been discovered in the EXIF parsing code of the libexif library, which can lead to denial of service or the execution of arbitrary code if a user is tricked into opening a malformed image. The Common Vulnerabilities and Exposures project identifies the following problems: Victor Stinner discovered an integer overflow, which may result in denial of service or potentially the execution of arbitrary code. Meder Kydyraliev discovered an infinite loop, which may result in denial of service. Victor Stinner discovered an integer overflow, which may result in denial of service or potentially the execution of arbitrary code. This update also fixes two potential NULL pointer deferences.