Bug 1101886 - (CVE-2018-14338) VUL-1: CVE-2018-14338: exiv2: samples/geotag.cpp in the example code of Exiv2 0.26 misuses the realpath function on POSIX platforms (other than Apple platforms) where glibc is not used, possibly leading to a buffer overflow.
(CVE-2018-14338)
VUL-1: CVE-2018-14338: exiv2: samples/geotag.cpp in the example code of Exiv2...
Status: RESOLVED INVALID
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P5 - None : Minor
: ---
Assigned To: Dirk Mueller
Security Team bot
https://smash.suse.de/issue/210769/
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2018-07-19 13:34 UTC by Karol Babioch
Modified: 2018-07-19 13:36 UTC (History)
1 user (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Karol Babioch 2018-07-19 13:34:12 UTC
CVE-2018-14338

samples/geotag.cpp in the example code of Exiv2 0.26 misuses the realpath
function on POSIX platforms (other than Apple platforms) where glibc is not
used, possibly leading to a buffer overflow.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-14338
https://github.com/Exiv2/exiv2/issues/382
Comment 1 Karol Babioch 2018-07-19 13:36:14 UTC
Since we are using glibc, this is not an issue for us.