2016-08-13
ALT-BU-2016-2930-1
Branch sisyphus update bulletin.
Package fontconfig updated to version 2.12.1-alt1 for branch sisyphus in task 168496.
Closed vulnerabilities
Published: 2016-08-13
Modified: 2024-11-21
CVE-2016-5384
fontconfig before 2.12.1 does not validate offsets, which allows local users to trigger arbitrary free calls and consequently conduct double free attacks and execute arbitrary code via a crafted cache file.
Severity: HIGH (7.8)
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References:
- RHSA-2016:2601
- DSA-3644
- 92339
- USN-3063-1
- https://cgit.freedesktop.org/fontconfig/commit/?id=7a4a5bd7897d216f0794ca9dbce0a4a5c9d14940
- FEDORA-2016-6802f2e52a
- FEDORA-2016-e23ab56ce3
- [Fontconfig] 20160805 fontconfig: Branch 'master' - 3 commits