Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.703644
Category:Debian Local Security Checks
Title:Debian Security Advisory DSA 3644-1 (fontconfig - security update)
Summary:Tobias Stoeckmann discovered that cache;files are insufficiently validated in fontconfig, a generic font configuration library. An;attacker can trigger arbitrary free() calls, which in turn allows double;free attacks and therefore arbitrary code execution. In combination with;setuid binaries using crafted cache files, this could allow privilege;escalation.
Description:Summary:
Tobias Stoeckmann discovered that cache
files are insufficiently validated in fontconfig, a generic font configuration library. An
attacker can trigger arbitrary free() calls, which in turn allows double
free attacks and therefore arbitrary code execution. In combination with
setuid binaries using crafted cache files, this could allow privilege
escalation.

Affected Software/OS:
fontconfig on Debian Linux

Solution:
For the stable distribution (jessie), this
problem has been fixed in version 2.11.0-6.3+deb8u1.

For the unstable distribution (sid), this problem has been fixed in
version 2.11.0-6.5.

We recommend that you upgrade your fontconfig packages.

CVSS Score:
4.6

CVSS Vector:
AV:L/AC:L/Au:N/C:P/I:P/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2016-5384
BugTraq ID: 92339
http://www.securityfocus.com/bid/92339
Debian Security Information: DSA-3644 (Google Search)
http://www.debian.org/security/2016/dsa-3644
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CJ45VRAMCIISHOVKFVOQYQUSTUJP7FC/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GGOS4YYB7UYAWX5AEXJZHDIX4ZMSXSW5/
https://lists.freedesktop.org/archives/fontconfig/2016-August/005792.html
RedHat Security Advisories: RHSA-2016:2601
http://rhn.redhat.com/errata/RHSA-2016-2601.html
http://www.ubuntu.com/usn/USN-3063-1
CopyrightCopyright (c) 2016 Greenbone Networks GmbH http://greenbone.net

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.