Ubuntu has issued an advisory for this today (November 10):
https://ubuntu.com/security/notices/USN-4624-1

Severity: normal => major

Suggested advisory:
========================

The updated packages fix a security vulnerability:

In exif_entry_get_value of exif-entry.c, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution if a third party app used this library to process remote image data with no additional execution privileges needed. User interaction is not needed for exploitation. (CVE-2020-0452)

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0452
https://www.debian.org/security/2020/dsa-4786
https://ubuntu.com/security/notices/USN-4624-1
========================

Updated packages in core/updates_testing:
========================
libexif12-common-0.6.22-1.2.mga7
lib(64)exif12-0.6.22-1.2.mga7
lib(64)exif-devel-0.6.22-1.2.mga7

from SRPM:
libexif-0.6.22-1.2.mga7.src.rpm

CC: (none) => nicolas.salguero
Status: NEW => ASSIGNED
Assignee: nicolas.salguero => qa-bugs
Version: Cauldron => 7
CVE: (none) => CVE-2020-0452
Whiteboard: MGA7TOO => (none)

MGA7-64 MATE on Peaq C1011
No installation issues.?
Testing along ther lines of previous updates.
$ exif IMG_20200328_172150.jpg 
EXIF tags in 'IMG_20200328_172150.jpg' ('Motorola' byte order):
--------------------+----------------------------------------------------------
Tag                 |Value
--------------------+----------------------------------------------------------
Image Width         |1840
Image Length        |3264
Bits per Sample     |8, 8, 8
Manufacturer        |HUAWEI
Model               |VTR-L09
etc ......
Looks OK, but
$ exif RAW_NIKON_E5700_SRGB.NEF 
Corrupt data
The data provided does not follow the specification.
ExifLoader: The data supplied does not seem to contain EXIF data.
[tester7@mach6 RawORF]$ exif P7212389.ORF 
Corrupt data
The data provided does not follow the specification.
ExifLoader: The data supplied does not seem to contain EXIF data.
These are files that have been used in previous updates with success. Also opened the last one with UFRaw and there exif info shows.

CC: (none) => herman.viaene

Mageia 7 Plasma x86_64

This update installs:
libexif12-common               0.6.22       1.2.mga7      x86_64 
lib64exif12                    0.6.22       1.2.mga7      x86_64

Installation OK.
$ exif /home/aurelien/Images/Smartphone/IMG_20200502_162603.jpg 
Marqueurs EXIF dans « /home/aurelien/Images/Smartphone/IMG_20200502_162603.jpg » (ordre des octets « Motorola ») :
--------------------+----------------------------------------------------------
Marqueur            |Valeur
--------------------+----------------------------------------------------------
Largeur de l'image  |4000
Modèle              |Mi 9T Pro
Longueur de l'image |2250
Orientation         |Droit-haut
Date et heure       |2020:05:02 16:26:05
Positionnement YCbCr|Centré
Unité de la résoluti|pouces
Résolution X        |72
Résolution Y        |72
Constructeur        |Xiaomi
Orientation         |Droit-haut
Compression         |Compression JPEG
Unité de la résoluti|pouces
Résolution X        |72
Résolution Y        |72
Valeurs de vitesse I|112
Programme d'expositi|Programme normal
Nombre d'ouverture  |f/1,8
Temps d'exposition  |1/131 sec.
Méthode d'acquisitio|Non défini
Temps inférieur à la|874909
Temps inférieur à la|874909
Temps inférieur à la|874909
Longueur focale     |4,8 mm
Flash               |Le flash n'a pas déclenché, mode auto
Source lumineuse    |D65
Mode de mesure      |Pondération centrale
Type de capture de l|Standard
Longueur focale dans|26
Valeur d'ouverture m|1,61 EV (f/1,7)
Date et heure (numér|2020:05:02 16:26:05
Correction d'exposit|0,00 EV
Dimension Y du pixel|2250
Balance des blancs  |Balance des blancs automatique
Date et heure (origi|2020:05:02 16:26:05
Luminosité          |3,73 EV (45,46 cd/m²)
Dimension X du pixel|4000
Mode d'exposition   |Exposition automatique
Ouverture           |1,61 EV (f/1,7)
Configuration des co|Y Cb Cr -
Espace des couleurs |sRGB
Type de scène       |Photographié directement
Vitesse d'obturation|7,03 EV (1/131 sec.)
Version d'exif      |Exif version 2.2
FlashPixVersion     |FlashPix version 1.0
Latitude Nord ou Sud|N
Latitude            |49, 37, 3,3312
Longitude Est ou Oue|E
Longitude           | 3, 12, 10,7891
Référence d'altitude|Niveau de la mer
Altitude            |72,626
Heure GPS (horloge a|14:26:04,00
Nom de la méthode de|12 octets de données inconnues
Date GPS            |2020:05:02
Index d'interopérabi|R98
Version d'interopéra|0100
--------------------+----------------------------------------------------------
Les données EXIF contiennent une vignette (11638 octets).

@Herman,
$ urpmq -i exif
Summary     : Command line tools to access EXIF extensions in JPEG files
Description :
Most digital cameras produce EXIF files, which are JPEG files with
extra tags that contain information about the image. The EXIF library
allows you to parse an EXIF file and read the data from those tags.

This package contains a command line frontend for the EXIF library.

I really don't think it can be tested on RAW files like NEF (NIKON)...

MGA7-OK-64 for me.

CC: (none) => ouaurelien

No installation issues. Using exif on an image from a Canon digital camera, I get the following:

$ exif IMG_0704.JPG 
EXIF tags in 'IMG_0704.JPG' ('Intel' byte order):
--------------------+----------------------------------------------------------
Tag                 |Value
--------------------+----------------------------------------------------------
Manufacturer        |Canon
Model               |Canon PowerShot A540
Orientation         |Left-bottom
X-Resolution        |180
Y-Resolution        |180
Resolution Unit     |Inch
Date and Time       |2020:08:06 20:43:34
YCbCr Positioning   |Centered
Compression         |JPEG compression
X-Resolution        |180
Y-Resolution        |180
Resolution Unit     |Inch
Exposure Time       |1/60 sec.
F-Number            |f/2.6
Exif Version        |Exif Version 2.2
Date and Time (Origi|2020:08:06 20:43:34
Date and Time (Digit|2020:08:06 20:43:34
Components Configura|Y Cb Cr -
Compressed Bits per | 5
Shutter Speed       |5.91 EV (1/60 sec.)
Aperture            |2.75 EV (f/2.6)
Exposure Bias       |0.00 EV
Maximum Aperture Val|2.75 EV (f/2.6)
Metering Mode       |Pattern
Flash               |Flash fired, auto mode, red-eye reduction mode
Focal Length        |5.8 mm
Maker Note          |1882 bytes undefined data
User Comment        |
FlashPixVersion     |FlashPix Version 1.0
Color Space         |sRGB
Pixel X Dimension   |2816
Pixel Y Dimension   |2112
Focal Plane X-Resolu|12515.556
Focal Plane Y-Resolu|12497.041
Focal Plane Resoluti|Inch
Sensing Method      |One-chip color area sensor
File Source         |DSC
Custom Rendered     |Normal process
Exposure Mode       |Auto exposure
White Balance       |Auto white balance
Digital Zoom Ratio  |1.0000
Scene Capture Type  |Standard
Interoperability Ind|R98
Interoperability Ver|0100
RelatedImageWidth   |2816
RelatedImageLength  |2112
--------------------+----------------------------------------------------------
EXIF data contains a thumbnail (4491 bytes).

I saw similar data from images taken by an Olympus camera.

@Herman: Attempting to get exif data from a jpg image that wasn't directly from a camera, one that had been edited with The GIMP or created with a scanner, resulted in the same error messages you saw.

Validating. Advisory in Comment 2.

Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs

Urpmq --whatrequires shows Thunar to have lib64exif12 as a dependency, and Thunar also shows some exif data with the "Image" tab under "Properties" for jpg images that were directly from a camera, confirming the update.

Advisory pushed to SVN.

Keywords: (none) => advisory

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2020-0426.html

Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED