This vulnerability in libexif (up to version 0.6.25) involves an integer underflow (CWE-191) during size validation when decoding Fuji and Olympus MakerNote metadata. An attacker could exploit this flaw to trigger a crash or cause information leakage in applications that utilize libexif for image metadata processing. The CVSS 3.1 base score is 4.0, reflecting low attack vector (local), high attack complexity, no privileges required, no user interaction, and limited confidentiality and availability impacts. No official remediation or patch is currently documented.

Exploitation of this vulnerability may lead to denial of service via application crash or limited information disclosure from affected programs using libexif. The impact is limited to confidentiality and availability with no integrity impact. The attack requires local access and has high complexity, reducing the likelihood of widespread exploitation. No known exploits have been reported.

Patch status is not yet confirmed — check the libexif project advisory or official channels for updates on fixes. Until a patch is available, users should consider restricting local access to systems processing untrusted images with libexif and monitor for updates from the vendor. No official remediation guidance has been published.