CVE-2018-18751

Published: 29 October 2018

An issue was discovered in GNU gettext 0.19.8. There is a double free in default_add_message in read-catalog.c, related to an invalid free in po_gram_parse in po-gram-gen.y, as demonstrated by lt-msgfmt.

Priority

CVSS 3 base score: 9.8

Status

Package	Release	Status
gettext Launchpad, Ubuntu, Debian	bionic	Released (0.19.8.1-6ubuntu0.1)
	cosmic	Released (0.19.8.1-8ubuntu0.1)
	precise	Released (0.18.1.1-5ubuntu3.1)
	trusty	Released (0.18.3.1-1ubuntu3.1)
	upstream	Needs triage
	xenial	Released (0.19.7-2ubuntu3.1)
	Patches: upstream: https://git.savannah.gnu.org/gitweb/?p=gettext.git;a=commitdiff;h=dce3a16e5e9368245735e29bf498dcd5e3e474a4

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18751
https://ubuntu.com/security/notices/USN-3815-1
https://ubuntu.com/security/notices/USN-3815-2
NVD
Launchpad
Debian

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›