CVE-2018-18718

EUVD-2018-10434
An issue was discovered in gThumb through 3.6.2. There is a double-free vulnerability in the add_themes_from_dir method in dlg-contact-sheet.c because of two successive calls of g_free, each of which frees the same buffer.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 32%
Affected Products (NVD)
VendorProductVersion
gnomegthumb
𝑥
≤ 3.6.2
debiandebian_linux
8.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
gthumb
bookworm
3:3.12.2-3
fixed
bullseye
3:3.11.2-0.1
fixed
sid
3:3.12.6-2
fixed
trixie
3:3.12.6-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
gthumb
bionic
Fixed 3:3.6.1-1ubuntu0.1~esm1
released
cosmic
ignored
disco
not-affected
eoan
not-affected
focal
not-affected
groovy
not-affected
hirsute
not-affected
impish
not-affected
jammy
not-affected
kinetic
not-affected
lunar
not-affected
trusty
dne
xenial
Fixed 3:3.4.3-1ubuntu0.1~esm1
released
Common Weakness Enumeration
References
https://gitlab.gnome.org/GNOME/gthumb/issues/18
https://lists.debian.org/debian-lts-announce/2018/11/msg00002.html
https://gitlab.gnome.org/GNOME/gthumb/issues/18
https://lists.debian.org/debian-lts-announce/2018/11/msg00002.html