{"id":"MGASA-2016-0287","summary":"Updated fontconfig packages fix security vulnerability","details":"Tobias Stoeckmann discovered that cache files are insufficiently\nvalidated in fontconfig, a generic font configuration library. An\nattacker can trigger arbitrary free() calls, which in turn allows\ndouble free attacks and therefore arbitrary code execution. In\ncombination with setuid binaries using crafted cache files, this\ncould allow privilege escalation (CVE-2016-5384).\n","modified":"2026-01-31T14:09:40.270286Z","published":"2016-08-31T15:32:33Z","related":["CVE-2016-5384"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2016-0287.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=19157"},{"type":"REPORT","url":"https://lists.debian.org/debian-security-announce/2016/msg00222.html"}],"affected":[{"package":{"name":"fontconfig","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/fontconfig?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.11.1-4.1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2016-0287.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}