GNU patch through 2.7.6 contains a free(p_line[p_end]) Double Free vulnerability in the function another_hunk in pch.c that can cause a denial of service via a crafted patch file. NOTE: this issue exists because of an incomplete fix for CVE-2018-6952. CREATE(Triage):(User=admin) [CVE-2019-20633|https://nvd.nist.gov/vuln/detail/CVE-2019-20633]
