2 matches found
CVE-2018-18751
CVE-2018-18751 affects GNU gettext up to version 0.19.8. The issue is a double free in default_add_message in read-catalog.c, with a related improper free in po_gram_parse in po-gram-gen.y, as demonstrated by lt-msgfmt. Several connected advisories confirm impact and fixes across platforms: Arch ...
CVE-2004-0966
CVE-2004-0966: The GNU gettext package (versions 1.14 and later) contains insecure handling in the autopoint and gettextize scripts that can create or overwrite files via a symlink attack on temporary files. This affects Trustix Secure Linux 1.5–2.1 and other OSs that ship gettext. The vulnerabi...