Changelog
gthumb (3:3.4.4.1-5+deb9u1) stretch; urgency=medium

  * debian/patches/
    - cve-2018-18718.patch file (Closes: #912290)
      CVE-2018-18718 - CWE-415: Double Free
      The product calls free() twice on the same memory address, potentially
      leading to modification of unexpected memory locations.
      There is a suspected double-free bug with
      static void add_themes_from_dir() in dlg-contact-sheet.c. This method
      involves two successive calls of g_free(buffer) (lines 354 and 373),
      and is likely to cause double-free of the buffer. One possible fix
      could be directly assigning the buffer to NULL after the first call
      of g_free(buffer). Thanks Tianjun Wu
      https://gitlab.gnome.org/GNOME/gthumb/issues/18

 -- Herbert Parentes Fortes Neto <email address hidden> Thu, 18 Jul 2019 16:57:48 -0300
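
The pattern described in the entry above, as an added illustration that is neither gthumb's code nor the Debian patch: a buffer released on an early path and again at the common exit, next to the same flow with the pointer set to NULL after the first release. Clearing the pointer works because g_free(), like free(), does nothing when passed NULL. `load_theme`, `tracked_free`, the `[Theme]` check and the sample inputs are hypothetical; the tracker counts release calls rather than freeing twice, so the buggy variant can be run safely.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Records release calls for one allocation instead of really freeing it,
 * so the buggy variant can be observed without undefined behaviour. */
struct tracker {
    void *ptr;      /* the allocation being watched */
    int releases;   /* how many times it was handed to the free routine */
};

/* Stand-in for g_free(): like g_free() and free(), NULL is a no-op. */
static void tracked_free(struct tracker *t, void *p)
{
    if (p == NULL)
        return;
    if (p == t->ptr)
        t->releases++;
}

/* Hypothetical loader with the shape the changelog describes: the buffer is
 * released on an early path and again at the common exit.
 * Returns the number of releases of the buffer; more than 1 is a double free. */
static int load_theme(const char *data, int clear_after_free)
{
    char *buffer = malloc(strlen(data) + 1);
    if (buffer == NULL)
        return -1;
    strcpy(buffer, data);
    struct tracker t = { buffer, 0 };

    if (strncmp(buffer, "[Theme]", 7) != 0) {   /* constructed validity check */
        tracked_free(&t, buffer);               /* first release */
        if (clear_after_free)
            buffer = NULL;                      /* fix suggested in the changelog */
    }
    tracked_free(&t, buffer);                   /* second release at exit */

    free(t.ptr);                                /* real release, exactly once */
    return t.releases;
}

int main(void)
{
    printf("invalid file, no fix:   %d releases\n", load_theme("junk", 0));
    printf("invalid file, with fix: %d releases\n", load_theme("junk", 1));
    printf("valid file:             %d releases\n", load_theme("[Theme]\nName=x", 0));
    return 0;
}
```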