Re: gthumb CVE-2018-18718 - CWE-415: Double Free

To: Herbert Fortes <terberh@gmail.com>
Cc: debian-lts@lists.debian.org
Subject: Re: gthumb CVE-2018-18718 - CWE-415: Double Free
From: Markus Koschany <apo@debian.org>
Date: Sat, 3 Nov 2018 16:06:07 +0100
Message-id: <[🔎] d6090923-6a00-8f29-7962-6e79b5b6e8d1@debian.org>
In-reply-to: <[🔎] 28ccd39b-04f8-52f8-4d87-fb3a69d92c53@gmail.com>
References: <[🔎] 7818438a-95e7-edd7-067e-4ed1c8e8dc92@gmail.com> <[🔎] d836f52e-10fb-757d-b3e0-537639b9c9c0@debian.org> <[🔎] b75fd930-8325-ef47-b0aa-30214add23f7@gmail.com> <[🔎] 28ccd39b-04f8-52f8-4d87-fb3a69d92c53@gmail.com>

Hello,

I suggest to contact upstream [1] and discuss with them the appropriate
fix for this issue if you are unable to reproduce it. Sometimes crashes
can only be reproduced with certain compiler flags and/or compiler
versions. I also wonder if gthumb is supposed to crash at all.
CVE-2018-18718 is about a double-free vulnerability.

Regards,

Markus


[1] https://gitlab.gnome.org/GNOME/gthumb/issues/18

Attachment: signature.asc
Description: OpenPGP digital signature

Reply to:

Follow-Ups:
- Re: gthumb CVE-2018-18718 - CWE-415: Double Free
  - From: Herbert Fortes <terberh@gmail.com>

References:
- gthumb CVE-2018-18718 - CWE-415: Double Free
  - From: Herbert Fortes <terberh@gmail.com>
- Re: gthumb CVE-2018-18718 - CWE-415: Double Free
  - From: Markus Koschany <apo@debian.org>
- Re: gthumb CVE-2018-18718 - CWE-415: Double Free
  - From: Herbert Fortes <terberh@gmail.com>
- Re: gthumb CVE-2018-18718 - CWE-415: Double Free
  - From: Herbert Fortes <terberh@gmail.com>

Prev by Date: Re: gthumb CVE-2018-18718 - CWE-415: Double Free
Next by Date: Re: gthumb CVE-2018-18718 - CWE-415: Double Free
Previous by thread: Re: gthumb CVE-2018-18718 - CWE-415: Double Free
Next by thread: Re: gthumb CVE-2018-18718 - CWE-415: Double Free
Index(es):
- Date
- Thread