
CVE-2018-19876

Published: 05 Dec 2018
Source: debian
EPSS: Low

Description

cairo 1.16.0, in cairo_ft_apply_variations() in cairo-ft-font.c, would free memory using a free function incompatible with WebKit's fastMalloc, leading to an application crash with a "free(): invalid pointer" error.

Packages

| Package | Status | Fix version | Release | Type |
|---|---|---|---|---|
| cairo | fixed | 1.16.0-4 | | package |
| cairo | not-affected | | stretch | package |
| cairo | not-affected | | jessie | package |

Notes

  • https://bugs.webkit.org/show_bug.cgi?id=191595

  • https://gitlab.freedesktop.org/cairo/cairo/merge_requests/5

  • Code introduced in https://gitlab.freedesktop.org/cairo/cairo/commit/616fb7a9f2612f6cc3472542a70ba3e8ccf16584 and https://gitlab.freedesktop.org/cairo/cairo/commit/0fd0fd0ae9ad8cfb177bb844091de98c0235917e, and became vulnerable with freetype 2.9, which allows defining a different allocator. Partially fixed in https://gitlab.freedesktop.org/cairo/cairo/commit/c3659d7ef662b55949307ece7b1f613a7dc32620

  • https://gitlab.freedesktop.org/cairo/cairo/commit/90e85c2493fdfa3551f202ff10282463f1e36645

EPSS

Percentile: 53%
0.00303
Low

Related vulnerabilities

CVSS3: 6.5
ubuntu
more than 6 years ago

cairo 1.16.0, in cairo_ft_apply_variations() in cairo-ft-font.c, would free memory using a free function incompatible with WebKit's fastMalloc, leading to an application crash with a "free(): invalid pointer" error.

CVSS3: 5.9
redhat
almost 7 years ago

cairo 1.16.0, in cairo_ft_apply_variations() in cairo-ft-font.c, would free memory using a free function incompatible with WebKit's fastMalloc, leading to an application crash with a "free(): invalid pointer" error.

CVSS3: 6.5
nvd
more than 6 years ago

cairo 1.16.0, in cairo_ft_apply_variations() in cairo-ft-font.c, would free memory using a free function incompatible with WebKit's fastMalloc, leading to an application crash with a "free(): invalid pointer" error.

CVSS3: 6.5
msrc
about 5 years ago

No description available

CVSS3: 6.5
github
more than 3 years ago

cairo 1.16.0, in cairo_ft_apply_variations() in cairo-ft-font.c, would free memory using a free function incompatible with WebKit's fastMalloc, leading to an application crash with a "free(): invalid pointer" error.
