vulnerability

Red Hat: CVE-2016-5384: Moderate: fontconfig security and bug fix update (RHSA-2016:2601)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:L/AC:L/Au:N/C:P/I:P/A:P)	2016-08-12	2016-11-04	2018-01-17

Severity

CVSS

(AV:L/AC:L/Au:N/C:P/I:P/A:P)

Published

2016-08-12

Added

2016-11-04

Modified

2018-01-17

Description

fontconfig before 2.12.1 does not validate offsets, which allows local users to trigger arbitrary free calls and consequently conduct double free attacks and execute arbitrary code via a crafted cache file.

Solution(s)

redhat-upgrade-fontconfigredhat-upgrade-fontconfig-debuginforedhat-upgrade-fontconfig-develredhat-upgrade-fontconfig-devel-doc

References

REDHAT-RHSA-2016:2601
DEBIAN-DLA-587-1
DEBIAN-DSA-3644
BID-92339
UBUNTU-USN-3063-1
NVD-CVE-2016-5384

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today