FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-24 03:12:49 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
44989c29-67d1-11e6-8b1d-c86000169601	fontconfig -- insufficiently cache file validation Debian security team reports: Tobias Stoeckmann discovered that cache files are insufficiently validated in fontconfig, a generic font configuration library. An attacker can trigger arbitrary free() calls, which in turn allows double free attacks and therefore arbitrary code execution. In combination with setuid binaries using crafted cache files, this could allow privilege escalation. Discovery 2016-08-05 Entry 2016-08-21 fontconfig < 1.12.1 https://packetstormsecurity.com/files/138236/Debian-Security-Advisory-3644-1.html CVE-2016-5384

VuXML ID

Description

44989c29-67d1-11e6-8b1d-c86000169601

fontconfig -- insufficiently cache file validation

Debian security team reports:

Tobias Stoeckmann discovered that cache files are insufficiently validated in fontconfig, a generic font configuration library. An attacker can trigger arbitrary free() calls, which in turn allows double free attacks and therefore arbitrary code execution. In combination with setuid binaries using crafted cache files, this could allow privilege escalation.

Discovery 2016-08-05
Entry 2016-08-21
fontconfig

< 1.12.1

https://packetstormsecurity.com/files/138236/Debian-Security-Advisory-3644-1.html
CVE-2016-5384