id,summary,reporter,owner,description,type,status,priority,milestone,component,version,severity,resolution,keywords,cc 3078,Corrupt EXIF info can cause stack buffer overflow in JPEG driver,Even Rouault,Even Rouault,"2 possible flaws : * EXIFPrintData() can write data after the end of the output buffer (allocated on stack in EXIFExtractMetadata) if tdir_count is too big * the tdir_type value is not checked for validity. Read can then occur outside of the datatype array. Using TIFFDataWidth() instead and checking for handled datatypes will fix that.",defect,closed,normal,1.6.2,default,unspecified,normal,fixed,,warmerdam