ELSA-2016-2601 -- Oracle fontconfig
ID: oval:org.secpod.oval:def:1501637 | Date: (C)2016-12-07 (M)2023-12-20 | Class: PATCH | Family: unix
Fontconfig is designed to locate fonts within the system and select them according to requirements specified by applications.

Security Fix:
* It was found that cache files were insufficiently validated in fontconfig. A local attacker could create a specially crafted cache file to trigger arbitrary free calls, which in turn could lead to arbitrary code execution.

Red Hat would like to thank Tobias Stoeckmann for reporting this issue.