2025-12-24 19:27 | CVE-2018-25153 | VulnCheck
PUBLISHED | 5.2 | CWE-401

GNU Barcode 0.99 Memory Leak Vulnerability in Command Line Processing

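GNU Barcode 0.99 contains a memory leak vulnerability in the command line processing function within cmdline.c. Attackers can exploit this vulnerability by providing specially crafted input that causes unfreed memory allocations, potentially leading to denial of service conditions. The record's CVSS 3.1 vector rates the issue as network-reachable (AV:N) although the flaw is in command-line argument handling, so actual exposure depends on whether untrusted input can reach the barcode invocation, for example through a service that wraps the tool.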

Problem type

Affected products

The GNU Project | Free Software Foundation, Inc.

GNU Barcode

0.99 - AFFECTED

References

GitHub Security Advisories

GHSA-6r9g-7c8c-j56m

GNU Barcode 0.99 contains a memory leak vulnerability in the command line processing function...

https://github.com/advisories/GHSA-6r9g-7c8c-j56m

GNU Barcode 0.99 contains a memory leak vulnerability in the command line processing function within cmdline.c. Attackers can exploit this vulnerability by providing specially crafted input that causes unfreed memory allocations, potentially leading to denial of service conditions.

JSON source

https://cveawg.mitre.org/api/cve/CVE-2018-25153
{
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "cveMetadata": {
    "cveId": "CVE-2018-25153",
    "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
    "assignerShortName": "VulnCheck",
    "dateUpdated": "2025-12-26T21:03:34.547Z",
    "dateReserved": "2025-12-24T14:28:02.436Z",
    "datePublished": "2025-12-24T19:27:53.062Z",
    "state": "PUBLISHED"
  },
  "containers": {
    "cna": {
      "providerMetadata": {
        "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "shortName": "VulnCheck",
        "dateUpdated": "2025-12-24T19:27:53.062Z"
      },
      "title": "GNU Barcode 0.99 Memory Leak Vulnerability in Command Line Processing",
      "descriptions": [
        {
          "lang": "en",
          "value": "GNU Barcode 0.99 contains a memory leak vulnerability in the command line processing function within cmdline.c. Attackers can exploit this vulnerability by providing specially crafted input that causes unfreed memory allocations, potentially leading to denial of service conditions."
        }
      ],
      "affected": [
        {
          "vendor": "The GNU Project | Free Software Foundation, Inc.",
          "product": "GNU Barcode",
          "versions": [
            {
              "version": "0.99",
              "status": "affected"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "lang": "en",
              "description": "Missing Release of Memory after Effective Lifetime",
              "cweId": "CWE-401",
              "type": "CWE"
            }
          ]
        }
      ],
      "references": [
        {
          "url": "https://www.exploit-db.com/exploits/44798",
          "name": "ExploitDB-44798",
          "tags": [
            "exploit"
          ]
        },
        {
          "url": "https://www.gnu.org/software/barcode/",
          "name": "GNU Barcode Product Homepage",
          "tags": [
            "product"
          ]
        },
        {
          "url": "https://directory.fsf.org/wiki/Barcode",
          "name": "FSF Directory Entry for Barcode",
          "tags": [
            "product"
          ]
        }
      ],
      "metrics": [
        {
          "format": "CVSS"
        },
        {
          "format": "CVSS",
          "cvssV3_1": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "NONE",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH"
          }
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "LiquidWorm as Gjoko Krstic of Zero Science Lab",
          "type": "finder"
        }
      ]
    },
    "adp": [
      {
        "providerMetadata": {
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP",
          "dateUpdated": "2025-12-24T20:24:39.099Z"
        },
        "title": "CISA ADP Vulnrichment",
        "metrics": [
          {}
        ]
      },
      {
        "providerMetadata": {
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE",
          "dateUpdated": "2025-12-26T21:03:34.547Z"
        },
        "title": "CVE Program Container",
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2025/12/26/1"
          }
        ]
      }
    ]
  }
}