CVE-2018-14338 (NVD)

2018-07-17

samples/geotag.cpp in the example code of Exiv2 0.26 misuses the realpath function on POSIX platforms (other than Apple platforms) where glibc is not used, possibly leading to a buffer overflow.

Products Exiv2
Type Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119)
First patch - None (likely due to unavailable code)
Links https://github.com/Exiv2/exiv2/issues/382