[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244625

 
 

909

 
 

193379

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

DSA-3644-1 fontconfig -- fontconfig

ID: oval:org.secpod.oval:def:602586Date: (C)2016-08-18   (M)2023-12-20
Class: PATCHFamily: unix




Tobias Stoeckmann discovered that cache files are insufficiently validated in fontconfig, a generic font configuration library. An attacker can trigger arbitrary free calls, which in turn allows double free attacks and therefore arbitrary code execution. In combination with setuid binaries using crafted cache files, this could allow privilege escalation.

Platform:
Debian 8.x
Product:
fontconfig
Reference:
DSA-3644-1
CVE-2016-5384
CVE    1
CVE-2016-5384
CPE    2
cpe:/o:debian:debian_linux:8.x
cpe:/a:fontconfig:fontconfig

© SecPod Technologies