{"id":"CVE-2018-18718","details":"An issue was discovered in gThumb through 3.6.2. There is a double-free vulnerability in the add_themes_from_dir method in dlg-contact-sheet.c because of two successive calls of g_free, each of which frees the same buffer.","modified":"2026-04-16T06:17:13.147439377Z","published":"2018-10-29T12:29:06.400Z","related":["openSUSE-SU-2019:0022-1","openSUSE-SU-2024:10832-1"],"references":[{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2018/11/msg00002.html"},{"type":"FIX","url":"https://gitlab.gnome.org/GNOME/gthumb/issues/18"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/gnome/gthumb","events":[{"introduced":"0"},{"last_affected":"28f951e14aae66b96d7a03aa887ca3844824cecb"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"3.6.2"}]}}],"versions":["2.13.2","2.13.3","2.13.90","2.13.91","2.90.1","2.90.2","2.90.3","3.0.0","3.0.1","3.1.1","3.1.2","3.1.3","3.1.4","3.2.0","3.3.2","3.3.3","3.3.4","3.4.0","3.4.1","3.5.1","3.5.2","3.5.3","3.5.4","3.6.0","3.6.1","3.6.2","GTHUMB_2_10_0","GTHUMB_2_10_1","GTHUMB_2_11_1","GTHUMB_2_11_2","GTHUMB_2_11_2_1","GTHUMB_2_11_3","GTHUMB_2_11_4","GTHUMB_2_11_5","GTHUMB_2_11_6","GTHUMB_2_11_90","GTHUMB_2_11_91","GTHUMB_2_11_92","GTHUMB_2_12_0","GTHUMB_2_13_1","GTHUMB_2_4_0","GTHUMB_2_7_3","GTHUMB_2_7_4","GTHUMB_2_7_5","GTHUMB_2_7_5_1","GTHUMB_2_7_6","GTHUMB_2_7_7","GTHUMB_2_7_8","GTHUMB_2_7_9","GTHUMB_2_9_1","GTHUMB_2_9_2","GTHUMB_2_9_3","start"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"8.0"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-18718.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}