vulnerability

Alpine Linux: CVE-2016-5384: fontconfig Possible double free due to insufficiently validated cache files

Severity
5
CVSS
(AV:L/AC:L/Au:N/C:P/I:P/A:P)
Published
Aug 12, 2016
Added
Aug 30, 2017
Modified
Feb 14, 2023

Description

fontconfig before 2.12.1 does not validate offsets, which allows local users to trigger arbitrary free calls and consequently conduct double free attacks and execute arbitrary code via a crafted cache file.

Solution

alpine-linux-upgrade-fontconfig
Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.