ID:

CVE-2016-5384 (NVD)

- Vulnerability Info (edit)
2016-08-12

fontconfig before 2.12.1 does not validate offsets, which allows local users to trigger arbitrary free calls and consequently conduct double free attacks and execute arbitrary code via a crafted cache file.