In Exiv2 before v0.27.2, there is an integer overflow vulnerability in the WebPImage::getHeaderOffset function in webpimage.cpp. It can lead to a buffer overflow vulnerability and a crash.
https://github.com/Exiv2/exiv2/pull/962/commits/e925bc5addd881543fa503470c8a859e112cca62
https://github.com/Exiv2/exiv2/issues/960
https://github.com/Exiv2/exiv2/compare/v0.27.2-RC2...v0.27.2