Vulnerabilities > CVE-2018-19876 - Use After Free vulnerability in Cairographics Cairo 1.16.0
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
cairo 1.16.0, in cairo_ft_apply_variations() in cairo-ft-font.c, would free memory using a free function incompatible with WebKit's fastMalloc, leading to an application crash with a "free(): invalid pointer" error.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Common Weakness Enumeration (CWE)
Nessus
NASL family Fedora Local Security Checks NASL id FEDORA_2018-3A195026F5.NASL description This update lowers amount of color artefacts around glyphs when subpixel rendering is enabled for text by using freetype last seen 2020-06-05 modified 2019-01-03 plugin id 120358 published 2019-01-03 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/120358 title Fedora 29 : cairo (2018-3a195026f5) NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2019-1_0-0220_CAIRO.NASL description An update of the cairo package has been released. last seen 2020-06-01 modified 2020-06-02 plugin id 125156 published 2019-05-15 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/125156 title Photon OS 1.0: Cairo PHSA-2019-1.0-0220