CVE-2016-5384

Priority
Description
fontconfig before 2.12.1 does not validate offsets, which allows local
users to trigger arbitrary free calls and consequently conduct double free
attacks and execute arbitrary code via a crafted cache file.
Assigned-to
mdeslaur
Notes
Package
Upstream:released (2.12.1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was released [2.8.0-3ubuntu9.2])
Ubuntu 14.04 ESM (Trusty Tahr):released (2.11.0-0ubuntu4.2)
Ubuntu 16.04 LTS (Xenial Xerus):released (2.11.94-0ubuntu1.1)
Patches:
Upstream:https://cgit.freedesktop.org/fontconfig/commit/?id=7a4a5bd7897d216f0794ca9dbce0a4a5c9d14940
More Information

Updated: 2020-09-10 05:29:48 UTC (commit 81a23a978c4436cd99e1d040e9e73e9146876281)