An issue was discovered in gThumb through 3.6.2. There is a double-free vulnerability in the add_themes_from_dir method in dlg-contact-sheet.c because of two successive calls of g_free, each of which frees the same buffer. References: https://gitlab.gnome.org/GNOME/gthumb/issues/18
Created gthumb tracking bugs for this issue: Affects: epel-7 [bug 1646710] Affects: fedora-all [bug 1646709]
Statement: This issue did not affect the versions of gthumb as shipped with Red Hat Enterprise Linux 5 and 6 as they did not include the vulnerable code.