I have tracked this down to the following change in CVE-2021-37620-3.patch (Ubuntu src package exiv2-0.27.3-3ubuntu1.5):
=================================================================== --- exiv2-0.27.3.orig/src/tags_int.cpp +++ exiv2-0.27.3/src/tags_int.cpp @@ -2865,7 +2865,7 @@ namespace Exiv2 { }
std::string stringValue = value.toString(); - if (stringValue[19] == 'Z') { + if (stringValue.at(19) == 'Z') { stringValue = stringValue.substr(0, 19); } for (size_t i = 0; i < stringValue.length(); ++i) {
I have tracked this down to the following change in CVE-2021- 37620-3. patch (Ubuntu src package exiv2-0. 27.3-3ubuntu1. 5):
======= ======= ======= ======= ======= ======= ======= ======= ======= ==== 27.3.orig/ src/tags_ int.cpp 27.3/src/ tags_int. cpp
--- exiv2-0.
+++ exiv2-0.
@@ -2865,7 +2865,7 @@ namespace Exiv2 {
}
- if (stringValue[19] == 'Z') {
+ if (stringValue.at(19) == 'Z') {
}
for (size_t i = 0; i < stringValue.