vulnerability
Alpine Linux: CVE-2016-5384: fontconfig Possible double free due to insufficiently validated cache files
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
5 | (AV:L/AC:L/Au:N/C:P/I:P/A:P) | Aug 12, 2016 | Aug 30, 2017 | Feb 14, 2023 |
Severity
5
CVSS
(AV:L/AC:L/Au:N/C:P/I:P/A:P)
Published
Aug 12, 2016
Added
Aug 30, 2017
Modified
Feb 14, 2023
Description
fontconfig before 2.12.1 does not validate offsets, which allows local users to trigger arbitrary free calls and consequently conduct double free attacks and execute arbitrary code via a crafted cache file.
Solution
alpine-linux-upgrade-fontconfig

NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.