CVE-2018-25153
Memory Leak in GNU Barcode cmdline.c Causes DoS Risk
Publication date: 2025-12-24
Last updated on: 2025-12-24
Assigner: VulnCheck
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| gnu | barcode | 0.99 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-401 | The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a memory leak in GNU Barcode version 0.99, specifically in the command line processing function within the 'cmdline.c' source file. The issue occurs because allocated memory buffers (a 512-byte buffer via calloc and a 55-byte buffer via strdup) are not properly freed. When an attacker provides specially crafted input, these memory leaks cause the program to consume memory unnecessarily, which can degrade system performance or lead to a denial of service. [1]
How can this vulnerability impact me?
The vulnerability can lead to a denial of service (DoS) condition by causing the program to leak memory when processing specially crafted inputs. This excessive memory consumption can degrade system performance or cause the application to crash, potentially disrupting services that rely on GNU Barcode. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by running the GNU Barcode 0.99 program with AddressSanitizer enabled to identify memory leaks in the cmdline.c source file, specifically looking for unfreed allocations at line 132 and related calls. Using AddressSanitizer or similar memory debugging tools while processing specially crafted input files can reveal the memory leaks. For example, you can compile GNU Barcode with AddressSanitizer flags and run it with test inputs to detect leaks. [1]
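The following is an added illustration of the CWE-401 pattern the advisory describes, not GNU Barcode's own cmdline.c. The two allocations (a 512-byte buffer from calloc and a copy of an argument from strdup) follow the advisory text; the "-e" option syntax, the parsing logic and the function names are assumptions made for the demo. It keeps a counter of outstanding allocations so the leak is visible in a plain build, and a LeakSanitizer build reports the same two allocations as leaked.

```c
#define _POSIX_C_SOURCE 200809L   /* for strdup */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added example modelling the CWE-401 pattern described for cmdline.c.
 * This is NOT GNU Barcode's code: buffer sizes follow the advisory text,
 * while the "-e" option syntax and the parsing logic are assumptions. */

/* Counter of outstanding allocations, so the leak is observable even
 * when the binary is not built with AddressSanitizer/LeakSanitizer. */
static long live_allocs = 0;

long live_allocation_count(void) { return live_allocs; }

static void *tracked_calloc(size_t n, size_t sz) {
    void *p = calloc(n, sz);
    if (p) live_allocs++;
    return p;
}

static char *tracked_strdup(const char *s) {
    char *p = strdup(s);
    if (p) live_allocs++;
    return p;
}

static void tracked_free(void *p) {
    if (p) live_allocs--;
    free(p);
}

/* Leaky variant: an unrecognised argument takes the early-return path,
 * and neither the calloc'd scratch buffer nor the strdup'd copy is freed. */
int parse_encoding_leaky(const char *arg, char *out, size_t outlen) {
    char *scratch = tracked_calloc(512, 1);   /* 512-byte scratch buffer */
    char *copy = tracked_strdup(arg);         /* private copy of the argument */
    if (!scratch || !copy)
        return -1;                            /* leaks whichever allocation succeeded */
    if (strncmp(copy, "-e", 2) != 0)
        return -1;                            /* leaks both buffers (CWE-401) */
    snprintf(scratch, 512, "%s", copy + 2);   /* encoding name follows "-e" */
    snprintf(out, outlen, "%s", scratch);
    tracked_free(copy);
    tracked_free(scratch);
    return 0;
}

/* Fixed variant: every exit path runs through one cleanup block, so the
 * allocation count returns to its starting value whatever the input is. */
int parse_encoding_fixed(const char *arg, char *out, size_t outlen) {
    int rc = -1;
    char *scratch = tracked_calloc(512, 1);
    char *copy = tracked_strdup(arg);
    if (!scratch || !copy)
        goto cleanup;
    if (strncmp(copy, "-e", 2) != 0)
        goto cleanup;
    snprintf(scratch, 512, "%s", copy + 2);
    snprintf(out, outlen, "%s", scratch);
    rc = 0;
cleanup:
    tracked_free(copy);      /* free(NULL) is a no-op, so partial failure is safe */
    tracked_free(scratch);
    return rc;
}

int main(void) {
    char out[64];
    parse_encoding_leaky("-eEAN", out, sizeof out);
    printf("leaky, valid input: outstanding allocations = %ld\n", live_allocation_count());
    parse_encoding_leaky("--bogus", out, sizeof out);
    printf("leaky, bad input:   outstanding allocations = %ld\n", live_allocation_count());
    parse_encoding_fixed("--bogus", out, sizeof out);
    printf("fixed, bad input:   outstanding allocations = %ld\n", live_allocation_count());
    return 0;
}
```

Building this file with `gcc -g -fsanitize=address` and running it makes LeakSanitizer print a "detected memory leaks" report at exit that names the calloc and strdup call sites inside parse_encoding_leaky, which is the same kind of signal the advisory suggests looking for in cmdline.c; the fixed variant produces no report.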
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include avoiding the use of GNU Barcode version 0.99 until a patched version is available. If usage is necessary, monitor the program's memory consumption closely and restrict input to trusted sources to prevent exploitation via specially crafted inputs. Additionally, consider running the program in a controlled environment with resource limits to reduce the impact of potential memory leaks. [1]