Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2016-5384

Опубликовано: 13 авг. 2016
Источник: debian
EPSS Низкий

Описание

fontconfig before 2.12.1 does not validate offsets, which allows local users to trigger arbitrary free calls and consequently conduct double free attacks and execute arbitrary code via a crafted cache file.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
fontconfigfixed2.11.0-6.5package

Примечания

  • https://lists.freedesktop.org/archives/fontconfig/2016-August/005792.html

  • Fixed by: https://cgit.freedesktop.org/fontconfig/commit/?id=7a4a5bd7897d216f0794ca9dbce0a4a5c9d14940 (2.12.1)

EPSS

Процентиль: 32%
0.00118
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2016-5384

CVSS3: 7.8
ubuntu
около 9 лет назад

fontconfig before 2.12.1 does not validate offsets, which allows local users to trigger arbitrary free calls and consequently conduct double free attacks and execute arbitrary code via a crafted cache file.

redhat логотип

CVE-2016-5384

CVSS3: 4.5
redhat
около 9 лет назад

fontconfig before 2.12.1 does not validate offsets, which allows local users to trigger arbitrary free calls and consequently conduct double free attacks and execute arbitrary code via a crafted cache file.

nvd логотип

CVE-2016-5384

CVSS3: 7.8
nvd
около 9 лет назад

fontconfig before 2.12.1 does not validate offsets, which allows local users to trigger arbitrary free calls and consequently conduct double free attacks and execute arbitrary code via a crafted cache file.

suse-cvrf логотип

openSUSE-SU-2016:2272-1

suse-cvrf
почти 9 лет назад

Security update for fontconfig

suse-cvrf логотип

SUSE-SU-2016:2190-1

suse-cvrf
около 9 лет назад

Security update for fontconfig

EPSS

Процентиль: 32%
0.00118
Низкий