ID CVE-2016-5384
Summary fontconfig before 2.12.1 does not validate offsets, which allows local users to trigger arbitrary free calls and consequently conduct double free attacks and execute arbitrary code via a crafted cache file.
References
Vulnerable Configurations
  • cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:*
    cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:*
  • cpe:2.3:a:fontconfig_project:fontconfig:2.12:*:*:*:*:*:*:*
    cpe:2.3:a:fontconfig_project:fontconfig:2.12:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
CVSS
Base: 4.6 (as of 18-01-2017 - 02:59)
Impact:
Exploitability:
CWE CWE-415
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:L/AC:L/Au:N/C:P/I:P/A:P
redhat via4
advisories
bugzilla
id 1350891
title CVE-2016-5384 fontconfig: Possible double free due to insufficiently validated cache files
oval
AND
  • OR
    • comment Red Hat Enterprise Linux 7 Client is installed
      oval oval:com.redhat.rhba:tst:20150364001
    • comment Red Hat Enterprise Linux 7 Server is installed
      oval oval:com.redhat.rhba:tst:20150364002
    • comment Red Hat Enterprise Linux 7 Workstation is installed
      oval oval:com.redhat.rhba:tst:20150364003
    • comment Red Hat Enterprise Linux 7 ComputeNode is installed
      oval oval:com.redhat.rhba:tst:20150364004
  • OR
    • AND
      • comment fontconfig is earlier than 0:2.10.95-10.el7
        oval oval:com.redhat.rhsa:tst:20162601005
      • comment fontconfig is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20162601006
    • AND
      • comment fontconfig-devel is earlier than 0:2.10.95-10.el7
        oval oval:com.redhat.rhsa:tst:20162601007
      • comment fontconfig-devel is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20162601008
    • AND
      • comment fontconfig-devel-doc is earlier than 0:2.10.95-10.el7
        oval oval:com.redhat.rhsa:tst:20162601009
      • comment fontconfig-devel-doc is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20162601010
rhsa
id RHSA-2016:2601
released 2016-11-03
severity Moderate
title RHSA-2016:2601: fontconfig security and bug fix update (Moderate)
rpms
  • fontconfig-0:2.10.95-10.el7
  • fontconfig-devel-0:2.10.95-10.el7
  • fontconfig-devel-doc-0:2.10.95-10.el7
refmap via4
bid 92339
confirm https://cgit.freedesktop.org/fontconfig/commit/?id=7a4a5bd7897d216f0794ca9dbce0a4a5c9d14940
debian DSA-3644
fedora
  • FEDORA-2016-6802f2e52a
  • FEDORA-2016-e23ab56ce3
mlist [Fontconfig] 20160805 fontconfig: Branch 'master' - 3 commits
ubuntu USN-3063-1
Last major update 18-01-2017 - 02:59
Published 13-08-2016 - 01:59
Back to Top