vulnerability

Alpine Linux: CVE-2016-5384: fontconfig Possible double free due to insufficiently validated cache files

Try Surface Command

Back to search

Severity

CVSS

(AV:L/AC:L/Au:N/C:P/I:P/A:P)

Published

Aug 12, 2016

Added

Aug 30, 2017

Modified

Feb 14, 2023

Description

fontconfig before 2.12.1 does not validate offsets, which allows local users to trigger arbitrary free calls and consequently conduct double free attacks and execute arbitrary code via a crafted cache file.

Solution

alpine-linux-upgrade-fontconfig

References

ALPINE-6023
ALPINE-6024
ALPINE-6025
ALPINE-6026
ALPINE-6027
BID-92339
CVE-2016-5384
https://attackerkb.com/topics/CVE-2016-5384
DEBIAN-DSA-3644
REDHAT-RHSA-2016:2601

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report