Vulnerability Details CVE-2016-5384
fontconfig before 2.12.1 does not validate offsets, which allows local users to trigger arbitrary free calls and consequently conduct double free attacks and execute arbitrary code via a crafted cache file.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 49.7%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 4.6
Products affected by CVE-2016-5384
- cpe:2.3:a:fontconfig_project:fontconfig:2.1.91
- cpe:2.3:a:fontconfig_project:fontconfig:2.1.92
- cpe:2.3:a:fontconfig_project:fontconfig:2.1.93
- cpe:2.3:a:fontconfig_project:fontconfig:2.1.94
- cpe:2.3:a:fontconfig_project:fontconfig:2.10.0
- cpe:2.3:a:fontconfig_project:fontconfig:2.10.1
- cpe:2.3:a:fontconfig_project:fontconfig:2.10.2
- cpe:2.3:a:fontconfig_project:fontconfig:2.10.91
- cpe:2.3:a:fontconfig_project:fontconfig:2.10.92
- cpe:2.3:a:fontconfig_project:fontconfig:2.10.93
- cpe:2.3:a:fontconfig_project:fontconfig:2.10.94
- cpe:2.3:a:fontconfig_project:fontconfig:2.10.95
- cpe:2.3:a:fontconfig_project:fontconfig:2.11.0
- cpe:2.3:a:fontconfig_project:fontconfig:2.11.1
- cpe:2.3:a:fontconfig_project:fontconfig:2.11.91
- cpe:2.3:a:fontconfig_project:fontconfig:2.11.92
- cpe:2.3:a:fontconfig_project:fontconfig:2.11.93
- cpe:2.3:a:fontconfig_project:fontconfig:2.11.94
- cpe:2.3:a:fontconfig_project:fontconfig:2.11.95
- cpe:2.3:a:fontconfig_project:fontconfig:2.12
- cpe:2.3:a:fontconfig_project:fontconfig:2.12.0
- cpe:2.3:a:fontconfig_project:fontconfig:2.2.0
- cpe:2.3:a:fontconfig_project:fontconfig:2.2.1
- cpe:2.3:a:fontconfig_project:fontconfig:2.2.2
- cpe:2.3:a:fontconfig_project:fontconfig:2.2.3
- cpe:2.3:a:fontconfig_project:fontconfig:2.2.90
- cpe:2.3:a:fontconfig_project:fontconfig:2.2.91
- cpe:2.3:a:fontconfig_project:fontconfig:2.2.92
- cpe:2.3:a:fontconfig_project:fontconfig:2.2.93
- cpe:2.3:a:fontconfig_project:fontconfig:2.2.94
- cpe:2.3:a:fontconfig_project:fontconfig:2.2.95
- cpe:2.3:a:fontconfig_project:fontconfig:2.2.96
- cpe:2.3:a:fontconfig_project:fontconfig:2.2.97
- cpe:2.3:a:fontconfig_project:fontconfig:2.2.98
- cpe:2.3:a:fontconfig_project:fontconfig:2.2.99
- cpe:2.3:a:fontconfig_project:fontconfig:2.3.0
- cpe:2.3:a:fontconfig_project:fontconfig:2.3.1
- cpe:2.3:a:fontconfig_project:fontconfig:2.3.1-2
- cpe:2.3:a:fontconfig_project:fontconfig:2.3.2
- cpe:2.3:a:fontconfig_project:fontconfig:2.3.90
- cpe:2.3:a:fontconfig_project:fontconfig:2.3.91
- cpe:2.3:a:fontconfig_project:fontconfig:2.3.92
- cpe:2.3:a:fontconfig_project:fontconfig:2.3.93
- cpe:2.3:a:fontconfig_project:fontconfig:2.3.94
- cpe:2.3:a:fontconfig_project:fontconfig:2.3.95
- cpe:2.3:a:fontconfig_project:fontconfig:2.3.96
- cpe:2.3:a:fontconfig_project:fontconfig:2.3.97
- cpe:2.3:a:fontconfig_project:fontconfig:2.4.0
- cpe:2.3:a:fontconfig_project:fontconfig:2.4.1
- cpe:2.3:a:fontconfig_project:fontconfig:2.4.2
- cpe:2.3:a:fontconfig_project:fontconfig:2.4.91
- cpe:2.3:a:fontconfig_project:fontconfig:2.4.92
- cpe:2.3:a:fontconfig_project:fontconfig:2.5.0
- cpe:2.3:a:fontconfig_project:fontconfig:2.5.91
- cpe:2.3:a:fontconfig_project:fontconfig:2.5.92
- cpe:2.3:a:fontconfig_project:fontconfig:2.5.93
- cpe:2.3:a:fontconfig_project:fontconfig:2.6.0
- cpe:2.3:a:fontconfig_project:fontconfig:2.7.0
- cpe:2.3:a:fontconfig_project:fontconfig:2.7.1
- cpe:2.3:a:fontconfig_project:fontconfig:2.7.2
- cpe:2.3:a:fontconfig_project:fontconfig:2.7.3
- cpe:2.3:a:fontconfig_project:fontconfig:2.8.0
- cpe:2.3:a:fontconfig_project:fontconfig:2.9.0
- cpe:2.3:a:fontconfig_project:fontconfig:2.9.91
- cpe:2.3:a:fontconfig_project:fontconfig:2.9.92
- cpe:2.3:o:canonical:ubuntu_linux:12.04
- cpe:2.3:o:canonical:ubuntu_linux:14.04
- cpe:2.3:o:canonical:ubuntu_linux:16.04
- cpe:2.3:o:debian:debian_linux:8.0
- cpe:2.3:o:fedoraproject:fedora:23
- cpe:2.3:o:fedoraproject:fedora:24