CVE-2018-19876 - cairo 1.16.0, in cairo_ft_apply_variations() in cairo-ft-font.c, would free memory using a free func

CVE-2018-19876

Summary

cairo 1.16.0, in cairo_ft_apply_variations() in cairo-ft-font.c, would free memory using a free function incompatible with WebKit's fastMalloc, leading to an application crash with a "free(): invalid pointer" error.

References

https://bugs.webkit.org/show_bug.cgi?id=191595
https://gitlab.freedesktop.org/cairo/cairo/merge_requests/5

Vulnerable Configurations

cpe:2.3:a:cairographics:cairo:1.16.0:*:*:*:*:*:*:*
cpe:2.3:a:cairographics:cairo:1.16.0:*:*:*:*:*:*:*

CVSS

Base:	4.3 (as of 31-01-2019 - 19:27)
Impact:
Exploitability:

CWE

CWE-416

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:N/I:N/A:P

refmap via4

misc

https://bugs.webkit.org/show_bug.cgi?id=191595
https://gitlab.freedesktop.org/cairo/cairo/merge_requests/5

Last major update

31-01-2019 - 19:27

Published

05-12-2018 - 20:29

Last modified

31-01-2019 - 19:27