Download
| Alert*
oval:org.secpod.oval:def:111246
Fontconfig is designed to locate fonts within the system and select them according to requirements specified by applications. oval:org.secpod.oval:def:204150 Fontconfig is designed to locate fonts within the system and select them according to requirements specified by applications. Security Fix: * It was found that cache files were insufficiently validated in fontconfig. A local attacker could create a specially crafted cache file to trigger arbitrary f ... oval:org.secpod.oval:def:111187 Fontconfig is designed to locate fonts within the system and select them according to requirements specified by applications. oval:org.secpod.oval:def:1800228 It was reported that offsets contained in cache files aren"t checked if they"re in legal ranges or are pointers at all. The lack of validation allows an attacker to trigger arbitrary free calls, which in turn allows double free attacks and therefore arbitrary code execution. When used with setuid bi ... oval:org.secpod.oval:def:89045152 This update for fontconfig fixes the following issues: - security update: * CVE-2016-5384: Possible double free due to insufficiently validated cache files [bsc#992534] oval:org.secpod.oval:def:703241 fontconfig: generic font configuration library Fontconfig be made to crash or run programs if it opened a specially crafted file. oval:org.secpod.oval:def:1501637 Fontconfig is designed to locate fonts within the system and select them according to requirements specified by applications. Security Fix: * It was found that cache files were insufficiently validated in fontconfig. A local attacker could create a specially crafted cache file to trigger arbitrary f ... oval:org.secpod.oval:def:602586 Tobias Stoeckmann discovered that cache files are insufficiently validated in fontconfig, a generic font configuration library. An attacker can trigger arbitrary free calls, which in turn allows double free attacks and therefore arbitrary code execution. In combination with setuid binaries using cra ... oval:org.secpod.oval:def:501890 Fontconfig is designed to locate fonts within the system and select them according to requirements specified by applications. Security Fix: * It was found that cache files were insufficiently validated in fontconfig. A local attacker could create a specially crafted cache file to trigger arbitrary f ... oval:org.secpod.oval:def:1800472 It was reported that offsets contained in cache files aren"t checked if they"re in legal ranges or are pointers at all. The lack of validation allows an attacker to trigger arbitrary free calls, which in turn allows double free attacks and therefore arbitrary code execution. When used with setuid bi ... oval:org.secpod.oval:def:51622 fontconfig: generic font configuration library Fontconfig be made to crash or run programs if it opened a specially crafted file. |