CVE-2018-14338

samples/geotag.cpp in the example code of Exiv2 0.26 misuses the realpath function on POSIX platforms (other than Apple platforms) where glibc is not used, possibly leading to a buffer overflow.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.1 HIGH
NETWORK
HIGH
NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 60%
Affected Products (NVD)
VendorProductVersion
exiv2exiv2
0.26
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
exiv2
bookworm
unimportant
bullseye
unimportant
bullseye (security)
unimportant
sid
unimportant
trixie
unimportant
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
exiv2
artful
ignored
bionic
not-affected
trusty
dne
xenial
not-affected
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
exiv2
RHEL 8
0:0.27.2-5.el8
fixed
exiv2-devel
RHEL 8
0:0.27.2-5.el8
fixed
exiv2-doc
RHEL 8
0:0.27.2-5.el8
fixed
exiv2-libs
RHEL 8
0:0.27.2-5.el8
fixed
gegl
RHEL 8
0:0.2.0-39.el8
fixed
gnome-color-manager
RHEL 8
0:3.28.0-3.el8
fixed
libgexiv2
RHEL 8
0:0.10.8-4.el8
fixed
libgexiv2-devel
RHEL 8
0:0.10.8-4.el8
fixed
Common Weakness Enumeration
References
https://github.com/Exiv2/exiv2/issues/382
https://github.com/Exiv2/exiv2/issues/382