DEBIAN-CVE-2018-14338

DEBIAN-CVE-2018-14338 PUBLISHED CVSS 8.100000381469727 HIGH

samples/geotag.cpp in the example code of Exiv2 0.26 misuses the realpath function on POSIX platforms (other than Apple platforms) where glibc is not used, possibly leading to a buffer overflow.

Risk Scores

CVSS 3.0

8.100000381469727

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products

Vendor	Product	Versions
Debian:13	exiv2	0, *, 0.28.8+dfsg-1
Debian:11	exiv2	0.28.1+dfsg, 0.28.1+dfsg, 0.28.1+dfsg
Debian:12	exiv2	*, 0.28.1+dfsg-2, 0.28.1+dfsg-3
Debian:14	exiv2	*, 0.28.8+dfsg-1, 0.28.7+dfsg-1

Timeline

Jul 17, 2018 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2018-14338 advisory

Open in Interactive Console →