RHEL 7 : fontconfig (RHSA-2016:2601)

🗓️ 04 Nov 2016 00:00:00Reported by TenableType

An update for fontconfig in RHEL 7 addresses a security vulnerability relating to cache file validation, potentially leading to arbitrary code execution

Reporter	Title	Published	Views	Family All 67
FreeBSD	fontconfig -- insufficiently cache file validation	5 Aug 201600:00	–	freebsd
IBM Security Bulletins	Security Bulletin: IBM Flex System Manager (FSM) is affected by a vulnerability in fontconfig (CVE-2016-5384)	18 Jun 201801:34	–	ibm
IBM Security Bulletins	Security Bulletin: A vulnerability in fontconfig affects PowerKVM (CVE-2016-5384)	18 Jun 201801:34	–	ibm
Tenable Nessus	CentOS 7 : fontconfig (CESA-2016:2601)	28 Nov 201600:00	–	nessus
Tenable Nessus	Debian DLA-587-1 : fontconfig security update	10 Aug 201600:00	–	nessus
Tenable Nessus	Debian DSA-3644-1 : fontconfig - security update	9 Aug 201600:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP1 : fontconfig (EulerOS-SA-2016-1077)	1 May 201700:00	–	nessus
Tenable Nessus	Fedora 23 : fontconfig (2016-6802f2e52a)	18 Aug 201600:00	–	nessus
Tenable Nessus	Fedora 24 : fontconfig (2016-e23ab56ce3)	9 Aug 201600:00	–	nessus
Tenable Nessus	FreeBSD : fontconfig -- insufficiently cache file validation (44989c29-67d1-11e6-8b1d-c86000169601)	22 Aug 201600:00	–	nessus

Source	Link
access	www.access.redhat.com/errata/RHSA-2016:2601
access	www.access.redhat.com/security/cve/cve-2016-5384
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Red Hat Security Advisory RHSA-2016:2601. The text 
# itself is copyright (C) Red Hat, Inc.
#

include('compat.inc');

if (description)
{
  script_id(94564);
  script_version("2.13");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/01/20");

  script_cve_id("CVE-2016-5384");
  script_xref(name:"RHSA", value:"2016:2601");

  script_name(english:"RHEL 7 : fontconfig (RHSA-2016:2601)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Red Hat host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"An update for fontconfig is now available for Red Hat Enterprise Linux
7.

Red Hat Product Security has rated this update as having a security
impact of Moderate. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.

Fontconfig is designed to locate fonts within the system and select
them according to requirements specified by applications.

Security Fix(es) :

* It was found that cache files were insufficiently validated in
fontconfig. A local attacker could create a specially crafted cache
file to trigger arbitrary free() calls, which in turn could lead to
arbitrary code execution. (CVE-2016-5384)

Red Hat would like to thank Tobias Stoeckmann for reporting this
issue.

Additional Changes :

For detailed information on changes in this release, see the Red Hat
Enterprise Linux 7.3 Release Notes linked from the References section.");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2016:2601");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2016-5384");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-5384");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2016/08/13");
  script_set_attribute(attribute:"patch_publication_date", value:"2016/11/03");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/11/04");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:fontconfig");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:fontconfig-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:fontconfig-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:fontconfig-devel-doc");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.3");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.4");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.5");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.6");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.7");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Red Hat Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2016-2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 7.x", "Red Hat " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);

yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (!empty_or_null(yum_updateinfo)) 
{
  rhsa = "RHSA-2016:2601";
  yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
  if (!empty_or_null(yum_report))
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : yum_report 
    );
    exit(0);
  }
  else
  {
    audit_message = "affected by Red Hat security advisory " + rhsa;
    audit(AUDIT_OS_NOT, audit_message);
  }
}
else
{
  flag = 0;
  if (rpm_check(release:"RHEL7", reference:"fontconfig-2.10.95-10.el7")) flag++;

  if (rpm_check(release:"RHEL7", reference:"fontconfig-debuginfo-2.10.95-10.el7")) flag++;

  if (rpm_check(release:"RHEL7", reference:"fontconfig-devel-2.10.95-10.el7")) flag++;

  if (rpm_check(release:"RHEL7", reference:"fontconfig-devel-doc-2.10.95-10.el7")) flag++;


  if (flag)
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : rpm_report_get() + redhat_report_package_caveat()
    );
    exit(0);
  }
  else
  {
    tested = pkg_tests_get();
    if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
    else audit(AUDIT_PACKAGE_NOT_INSTALLED, "fontconfig / fontconfig-debuginfo / fontconfig-devel / etc");
  }
}

20 Jan 2026 00:00Current

6.5Medium risk

Vulners AI Score6.5

CVSS 24.6

CVSS 3.17.8

EPSS0.00264