Vulnerabilities > CVE-2018-19876 - Use After Free vulnerability in Cairographics Cairo 1.16.0

047910
CVSS 6.5 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH
network
low complexity
cairographics
CWE-416
nessus

Summary

cairo 1.16.0, in cairo_ft_apply_variations() in cairo-ft-font.c, would free memory using a free function incompatible with WebKit's fastMalloc, leading to an application crash with a "free(): invalid pointer" error.

Vulnerable Configurations

Part Description Count
Application
Cairographics
1

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2018-3A195026F5.NASL
    descriptionThis update lowers amount of color artefacts around glyphs when subpixel rendering is enabled for text by using freetype
    last seen2020-06-05
    modified2019-01-03
    plugin id120358
    published2019-01-03
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/120358
    titleFedora 29 : cairo (2018-3a195026f5)
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2019-1_0-0220_CAIRO.NASL
    descriptionAn update of the cairo package has been released.
    last seen2020-06-01
    modified2020-06-02
    plugin id125156
    published2019-05-15
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125156
    titlePhoton OS 1.0: Cairo PHSA-2019-1.0-0220