Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 428
Alerts This Week
Warning Icon 1 428

Debian 8: DLA-1567-1 Critical: gthumb Double Free Vulnerability Fix

debian lts
Calendar Grey November 5, 2018
Dist Debian Esm H88
Enhance gthumb because of CVE-2018-18718 linked to memory control issues. Read on for specifics regarding the resolution!
CVE-2018-18718 - CWE-415: Double Free The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations

Summary

There is a suspected double-free bug with
static void add_themes_from_dir() dlg-contact-sheet.c. This method
involves two successive calls of g_free(buffer) (line 354 and 373),
and is likely to cause double-free of the buffer. One possible fix
could be directly assigning the buffer to NULL after the first call
of g_free(buffer). Thanks Tianjun Wu


For Debian 8 "Jessie", this problem has been fixed in version
3:3.3.1-2.1+deb8u1

We recommend that you upgrade your gthumb packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


Severity
critical
Lowest
Low
Medium
High
Critical

<pre><font face="Courier">Package: gthumb
Version: 3:3.3.1-2.1+deb8u1
CVE ID: CVE-2018-18718
Debian Bug: #912290

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.