List: oss-security
Subject: [oss-security] Invalid free in cairo_ft_apply_variations
From: Michael Catanzaro <mcatanzaro () igalia ! com>
Date: 2018-12-07 17:19:43
Message-ID: 1544203183.3826.2 () mail ! igalia ! com
Hi,

cairo 1.16.0, in cairo_ft_apply_variations() in cairo-ft-font.c frees
memory using the wrong free function, leading to memory corruption.
Because cairo is used by WebKitGTK+, WPE WebKit, and the WinCairo port
of WebKit, this issue can be triggered by web content. CVE-2018-19876
has been allocated by MITRE. For details, see:

https://gitlab.freedesktop.org/cairo/cairo/merge_requests/5

We recommend Linux distros should patch cairo because the fix has not
yet been integrated into the upstream source code repository:

https://gitlab.freedesktop.org/cairo/cairo/merge_requests/5.patch

(warning: link provided for convenience, it is not a stable link)

Michael