It was reported  that when processing certain malformed patterns, fnmatch can skip over the NUL byte terminating the pattern. This can potentially result in an application crash if fnmatch hits an unmapped page before encountering a NUL byte.
Upstream bug report:
The fix is here:
Created glibc tracking bugs for this issue:
Affects: fedora-all [bug 1197732]
There are two other related bugs in fnmatch that have been fixed upstream and that need to be backported if 18032 is to be because the test in 18032 depends on those fixes:
(In reply to Martin Sebor from comment #3)
> There are two other related bugs in fnmatch that have been fixed upstream
> and that need to be backported if 18032 is to be because the test in 18032
> depends on those fixes:
Both of those look good to me.
CVE request via:
This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Via RHSA-2015:2199 https://rhn.redhat.com/errata/RHSA-2015-2199.html