2 matches found
MGASA-2016-0287 Updated fontconfig packages fix security vulnerability
Tobias Stoeckmann discovered that cache files are insufficiently validated in fontconfig, a generic font configuration library. An attacker can trigger arbitrary free calls, which in turn allows double free attacks and therefore arbitrary code execution. In combination with setuid binaries using...
Debian DSA-3644-1 : fontconfig - security update
Tobias Stoeckmann discovered that cache files are insufficiently validated in fontconfig, a generic font configuration library. An attacker can trigger arbitrary free calls, which in turn allows double free attacks and therefore arbitrary code execution. In combination with setuid binaries using...