CVE-2016-5384
HIGH7.8EPSS 0.26%fontconfig - security update
發布日:2016/8/13修改日:2026/4/28
描述
fontconfig before 2.12.1 does not validate offsets, which allows local users to trigger arbitrary free calls and consequently conduct double free attacks and execute arbitrary code via a crafted cache file.
受影響套件(3)
- Debian/fontconfigfrom 0, < 2.11.0-6.5
- Debian/fontconfigfrom 0, < 2.9.0-7.1+deb7u1
- Debian/fontconfigfrom 0, < 2.11.0-6.3+deb8u1
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH7.8 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |