JLSEC-2025-174

Source
https://github.com/JuliaLang/SecurityAdvisories.jl/blob/main/advisories/published/2025/JLSEC-2025-174.md
Import Source
https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2025/JLSEC-2025-174.json
JSON Data
https://api.osv.dev/v1/vulns/JLSEC-2025-174
Upstream
Published
2025-10-21T17:24:37.757Z
Modified
2026-07-18T00:00:10.648418218Z
Severity
Summary
An issue was discovered in GNU gettext 0.19.8
Details

An issue was discovered in GNU gettext 0.19.8. There is a double free in defaultaddmessage in read-catalog.c, related to an invalid free in pogramparse in po-gram-gen.y, as demonstrated by lt-msgfmt.

Database specific
{
    "sources": [
        {
            "url": "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2018-18751",
            "html_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-18751",
            "modified": "2026-06-17T01:47:49.847Z",
            "published": "2018-10-29T12:29:09.617Z",
            "imported": "2026-07-17T20:41:09.425Z",
            "id": "CVE-2018-18751",
            "database_specific": {
                "status": "Modified"
            }
        }
    ],
    "license": "CC-BY-4.0"
}
References

Affected packages

Julia / Gettext_jll

Package

Name
Gettext_jll
Purl
pkg:julia/Gettext_jll?uuid=78b55507-aeef-58d4-861c-77aaff3498b1

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.20.1+1

Database specific

source
"https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2025/JLSEC-2025-174.json"