[automatic] Publish 1 advisory for Gettext_jll

advisories/published/2025/JLSEC-0000-mns69g5iw-15ipc3w.md

@@ -0,0 +1,24 @@
+```toml
+schema_version = "1.7.3"
+id = "JLSEC-0000-mns69g5iw-15ipc3w"
+modified = 2025-10-19T19:45:10.904Z
+upstream = ["CVE-2018-18751"]
+references = ["http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00061.html", "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00065.html", "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00025.html", "https://access.redhat.com/errata/RHSA-2019:3643", "https://github.com/CCCCCrash/POCs/tree/master/Bin/Tools-gettext-0.19.8.1/doublefree", "https://github.com/CCCCCrash/POCs/tree/master/Bin/Tools-gettext-0.19.8.1/heapcorruption", "https://usn.ubuntu.com/3815-1/", "https://usn.ubuntu.com/3815-2/", "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00061.html", "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00065.html", "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00025.html", "https://access.redhat.com/errata/RHSA-2019:3643", "https://github.com/CCCCCrash/POCs/tree/master/Bin/Tools-gettext-0.19.8.1/doublefree", "https://github.com/CCCCCrash/POCs/tree/master/Bin/Tools-gettext-0.19.8.1/heapcorruption", "https://usn.ubuntu.com/3815-1/", "https://usn.ubuntu.com/3815-2/"]
+
+[[affected]]
+pkg = "Gettext_jll"
+ranges = ["< 0.20.1+1"]
+
+[[jlsec_sources]]
+id = "CVE-2018-18751"
+imported = 2025-10-19T19:45:10.904Z
+modified = 2024-11-21T03:56:31.223Z
+published = 2018-10-29T12:29:09.617Z
+url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2018-18751"
+html_url = "https://nvd.nist.gov/vuln/detail/CVE-2018-18751"
+```
+
+# An issue was discovered in GNU gettext 0.19.8
+
+An issue was discovered in GNU gettext 0.19.8. There is a double free in default_add_message in read-catalog.c, related to an invalid free in po_gram_parse in po-gram-gen.y, as demonstrated by lt-msgfmt.
+