CVE-2016-5384 (retired)

Priority
Description
fontconfig before 2.12.1 does not validate offsets, which allows local
users to trigger arbitrary free calls and consequently conduct double free
attacks and execute arbitrary code via a crafted cache file.
Assigned-to
mdeslaur
Package
Upstream: released (2.12.1)
Ubuntu 12.04 ESM (Precise Pangolin): DNE (precise was released [2.8.0-3ubuntu9.2])
Ubuntu 16.04 LTS (Xenial Xerus): released (2.11.94-0ubuntu1.1)
Patches:
Upstream: https://cgit.freedesktop.org/fontconfig/commit/?id=7a4a5bd7897d216f0794ca9dbce0a4a5c9d14940

Updated: 2019-08-23 09:11:09 UTC (commit 436fd4ed4cf0038ddd382cb8649607ace163dda7)