Double Free in Fontconfig - CVE-2016-5384
Published: August 13, 2016 / Updated: July 28, 2020
Vulnerability identifier: #VU32257
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2016-5384
CWE-ID: CWE-415
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Freedesktop.org
Affected software:
Fontconfig
Fontconfig
Detailed vulnerability description
The vulnerability allows a local authenticated user to execute arbitrary code.
fontconfig before 2.12.1 does not validate offsets, which allows local users to trigger arbitrary free calls and consequently conduct double free attacks and execute arbitrary code via a crafted cache file.
How to mitigate CVE-2016-5384
Install update from vendor's website.
Sources
- http://rhn.redhat.com/errata/RHSA-2016-2601.html
- http://www.debian.org/security/2016/dsa-3644
- http://www.securityfocus.com/bid/92339
- http://www.ubuntu.com/usn/USN-3063-1
- https://cgit.freedesktop.org/fontconfig/commit/?id=7a4a5bd7897d216f0794ca9dbce0a4a5c9d14940
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CJ45VRAMCIISHOVKFVOQYQUSTUJP7FC/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GGOS4YYB7UYAWX5AEXJZHDIX4ZMSXSW5/
- https://lists.freedesktop.org/archives/fontconfig/2016-August/005792.html