exiv2 is unsafe
Submitted by set..@..al.com
The authors of exiv2 are unwilling to make libexiv2 safe for use on arbitrary files: http://dev.exiv2.org/issues/1248 . There are known issues unfixed for more than nine months; no users have stepped forward with patches in the meantime.
As a result I'd like to demote exiv2 from main to universe in Ubuntu to try to limit our risks and risks to our users.
Jeremy Bicha points out that currently it's difficult or impossible to build shotwell without libexiv2 https://bugs.launchpad.net/ubuntu/+source/exiv2/+bug/1706471 .
Ideally someone who cares about Exif data would fork exiv2 and add necessary hardening, or re-write the library entirely afresh in Rust, so that it would be safe to use on arbitrary files.
Possible alternatives include gexiv2 allowing itself to run without the backing exiv2 library and just giving fake answers, or shotwell dynamically loading gexiv2 only if a user wants to use the functionality, or shotwell allowing build-time configuration to remove Exif functionality, or possibly other answers.