CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2018-19876

cairo 1.16.0, in cairo_ft_apply_variations() in cairo-ft-font.c, would free memory using a free function incompatible with WebKit's fastMalloc, leading to an application crash with a "free(): invalid pointer" error.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 45.4%

CVSS Severity

CVSS v3 Score 6.5

CVSS v2 Score 4.3

References

https://bugs.webkit.org/show_bug.cgi?id=191595
https://gitlab.freedesktop.org/cairo/cairo/merge_requests/5
https://bugs.webkit.org/show_bug.cgi?id=191595
https://gitlab.freedesktop.org/cairo/cairo/merge_requests/5

Products affected by CVE-2018-19876

Cairographics » Cairo » Version: 1.16.0

cpe:2.3:a:cairographics:cairo:1.16.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-19876

Products

Pricing

Contact Us