CVE-2016-5384

fontconfig before 2.12.1 does not validate offsets, which allows local users to trigger arbitrary free calls and consequently conduct double free attacks and execute arbitrary code via a crafted cache file.

Weakness

The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.

Affected Software

Name	Vendor	Start Version	End Version
Fedora	Fedoraproject	23 (including)	23 (including)
Fedora	Fedoraproject	24 (including)	24 (including)

Potential Mitigations

References

http://rhn.redhat.com/errata/RHSA-2016-2601.html
http://www.debian.org/security/2016/dsa-3644
http://www.securityfocus.com/bid/92339
http://www.ubuntu.com/usn/USN-3063-1
https://cgit.freedesktop.org/fontconfig/commit/?id=7a4a5bd7897d216f0794ca9dbce0a4a5c9d14940
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CJ45VRAMCIISHOVKFVOQYQUSTUJP7FC/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GGOS4YYB7UYAWX5AEXJZHDIX4ZMSXSW5/
https://lists.freedesktop.org/archives/fontconfig/2016-August/005792.html

NVD	https://nvd.nist.gov/vuln/detail/CVE-2016-5384
CWE	https://cwe.mitre.org/data/definitions/415.html

Double Free

Weakness

Affected Software

Potential Mitigations

References