vulnerability

FreeBSD: VID-44989c29-67d1-11e6-8b1d-c86000169601 (CVE-2016-5384): fontconfig -- insufficiently cache file validation

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:L/AC:L/Au:N/C:P/I:P/A:P)	Aug 21, 2016	Dec 10, 2025	Dec 10, 2025

Severity

CVSS

(AV:L/AC:L/Au:N/C:P/I:P/A:P)

Published

Aug 21, 2016

Added

Dec 10, 2025

Modified

Dec 10, 2025

Description

Debian security team reports: Tobias Stoeckmann discovered that cache files are insufficiently validated in fontconfig, a generic font configuration library. An attacker can trigger arbitrary free() calls, which in turn allows double free attacks and therefore arbitrary code execution. In combination with setuid binaries using crafted cache files, this could allow privilege escalation.

Solution

freebsd-upgrade-package-fontconfig

References

CVE-2016-5384
https://attackerkb.com/topics/CVE-2016-5384
CWE-415

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today