NuytsTech Security

CVE-2016-5384

by ·

fontconfig before 2.12.1 does not validate offsets, which allows local users to trigger arbitrary free calls and consequently conduct double free attacks and execute arbitrary code via a crafted cache file.

Date published : 2016-08-12

http://www.securityfocus.com/bid/92339

https://cgit.freedesktop.org/fontconfig/commit/?id=7a4a5bd7897d216f0794ca9dbce0a4a5c9d14940

Tags: