A vulnerability in the default_add_message function of GNU gettext could allow a local attacker to cause a denial of service (DoS) condition on a targeted system.
The vulnerability is due to a double-free condition in the default_add_message function, defined in the read-catalog.c source file of the affected software, and is related to an invalid-free condition in the po_gram_parse function, in the po-gram-gen.y source file. An attacker could exploit this vulnerability by running the msgfmt --check command on a crafted file that supplies malicious input to the targeted system. A successful exploit could result in a DoS condition.
Proof-of-concept (PoC) code that demonstrates an exploit of this vulnerability is publicly available.
GNU.org has not confirmed the vulnerability, and software updates are not available.
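
Because the exposure is msgfmt --check run on an untrusted file and no fixed release is available, a pipeline that validates contributed catalogs can at least tell a checker crash apart from an ordinary validation failure and quarantine the input. The following is an added example, not code from GNU gettext or from this advisory; the invocation (-o /dev/null), the function names and the verdict labels are assumptions.

```python
import signal
import subprocess
import sys

# Assumed invocation: validate the catalog and discard the compiled output.
MSGFMT_CMD = ["msgfmt", "--check", "-o", "/dev/null"]


def check_catalog(po_path, cmd=MSGFMT_CMD, timeout=10):
    """Run the checker on one untrusted file and return (verdict, detail)."""
    try:
        proc = subprocess.run(cmd + [po_path], stdin=subprocess.DEVNULL,
                              stdout=subprocess.DEVNULL,
                              stderr=subprocess.PIPE, timeout=timeout)
    except subprocess.TimeoutExpired:
        return "timeout", f"no result after {timeout}s"
    except FileNotFoundError:
        return "error", f"checker not found: {cmd[0]}"
    rc = proc.returncode
    if rc == 0:
        return "ok", ""
    if rc < 0:
        # Negative code: the child died from a signal. Memory-corruption
        # bugs such as a double free usually end in SIGABRT or SIGSEGV.
        try:
            name = signal.Signals(-rc).name
        except ValueError:
            name = f"signal {-rc}"
        return "crash", name
    # Positive code: the checker ran to completion and rejected the file.
    return "rejected", proc.stderr.decode(errors="replace").strip()


def triage(paths, cmd=MSGFMT_CMD, timeout=10):
    """Return the files to quarantine: checker crashed or hung on them."""
    flagged = {}
    for path in paths:
        verdict, detail = check_catalog(path, cmd, timeout)
        if verdict in ("crash", "timeout"):
            flagged[path] = f"{verdict}: {detail}"
    return flagged


if __name__ == "__main__":
    bad = triage(sys.argv[1:])
    for path, reason in bad.items():
        print(f"QUARANTINE {path} ({reason})")
    sys.exit(1 if bad else 0)
```

Running the checker in its own process per file keeps one crafted catalog from aborting the rest of a batch, and the crash verdict gives the operator a file to set aside for analysis.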