{"id":"UBUNTU-CVE-2018-18751","details":"An issue was discovered in GNU gettext 0.19.8. There is a double free in default_add_message in read-catalog.c, related to an invalid free in po_gram_parse in po-gram-gen.y, as demonstrated by lt-msgfmt.","modified":"2026-02-04T03:04:56.083824Z","published":"2018-10-29T00:00:00Z","related":["USN-3815-1","USN-3815-2"],"upstream":["CVE-2018-18751"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2018-18751"},{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-3815-1"},{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-3815-2"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2018-18751"}],"affected":[{"package":{"name":"gettext","ecosystem":"Ubuntu:14.04:LTS","purl":"pkg:deb/ubuntu/gettext@0.18.3.1-1ubuntu3.1?arch=source&distro=trusty"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.18.3.1-1ubuntu3.1"}]}],"versions":["0.18.1.1-10ubuntu3","0.18.3.1-1ubuntu1","0.18.3.1-1ubuntu2","0.18.3.1-1ubuntu3"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_name":"autopoint","binary_version":"0.18.3.1-1ubuntu3.1"},{"binary_name":"gettext","binary_version":"0.18.3.1-1ubuntu3.1"},{"binary_name":"gettext-base","binary_version":"0.18.3.1-1ubuntu3.1"},{"binary_name":"gettext-el","binary_version":"0.18.3.1-1ubuntu3.1"},{"binary_name":"libasprintf-dev","binary_version":"0.18.3.1-1ubuntu3.1"},{"binary_name":"libasprintf0c2","binary_version":"0.18.3.1-1ubuntu3.1"},{"binary_name":"libgettextpo-dev","binary_version":"0.18.3.1-1ubuntu3.1"},{"binary_name":"libgettextpo0","binary_version":"0.18.3.1-1ubuntu3.1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2018/UBUNTU-CVE-2018-18751.json"}},{"package":{"name":"gettext","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/gettext@0.19.7-2ubuntu3.1?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.19.7-2ubuntu3.1"}]}],"versions":["0.19.4-1ubuntu3","0.19.6-1ubuntu1","0.19.7-2ubuntu2","0.19.7-2ubuntu3"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_name":"autopoint","binary_version":"0.19.7-2ubuntu3.1"},{"binary_name":"gettext","binary_version":"0.19.7-2ubuntu3.1"},{"binary_name":"gettext-base","binary_version":"0.19.7-2ubuntu3.1"},{"binary_name":"gettext-el","binary_version":"0.19.7-2ubuntu3.1"},{"binary_name":"libasprintf-dev","binary_version":"0.19.7-2ubuntu3.1"},{"binary_name":"libasprintf0v5","binary_version":"0.19.7-2ubuntu3.1"},{"binary_name":"libgettextpo-dev","binary_version":"0.19.7-2ubuntu3.1"},{"binary_name":"libgettextpo0","binary_version":"0.19.7-2ubuntu3.1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2018/UBUNTU-CVE-2018-18751.json"}},{"package":{"name":"gettext","ecosystem":"Ubuntu:18.04:LTS","purl":"pkg:deb/ubuntu/gettext@0.19.8.1-6ubuntu0.1?arch=source&distro=bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.19.8.1-6ubuntu0.1"}]}],"versions":["0.19.8.1-4ubuntu1","0.19.8.1-4ubuntu2","0.19.8.1-4ubuntu4","0.19.8.1-6"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_name":"autopoint","binary_version":"0.19.8.1-6ubuntu0.1"},{"binary_name":"gettext","binary_version":"0.19.8.1-6ubuntu0.1"},{"binary_name":"gettext-base","binary_version":"0.19.8.1-6ubuntu0.1"},{"binary_name":"gettext-el","binary_version":"0.19.8.1-6ubuntu0.1"},{"binary_name":"libasprintf-dev","binary_version":"0.19.8.1-6ubuntu0.1"},{"binary_name":"libasprintf0v5","binary_version":"0.19.8.1-6ubuntu0.1"},{"binary_name":"libgettextpo-dev","binary_version":"0.19.8.1-6ubuntu0.1"},{"binary_name":"libgettextpo0","binary_version":"0.19.8.1-6ubuntu0.1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2018/UBUNTU-CVE-2018-18751.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]}