Bug#915801: cairo: CVE-2018-19876
Moritz Mühlenhoff
jmm at inutil.org
Thu Mar 14 22:15:01 GMT 2019
On Thu, Dec 06, 2018 at 09:59:39PM +0100, Salvatore Bonaccorso wrote:
> Source: cairo
> Version: 1.16.0-1
> Severity: important
> Tags: security upstream
> Forwarded: https://gitlab.freedesktop.org/cairo/cairo/merge_requests/5
>
> Hi,
>
> The following vulnerability was published for cairo.
>
> CVE-2018-19876[0]:
> | cairo 1.16.0, in cairo_ft_apply_variations() in cairo-ft-font.c, would
> | free memory using a free function incompatible with WebKit's
> | fastMalloc, leading to an application crash with a "free(): invalid
> | pointer" error.

Fixed in https://gitlab.freedesktop.org/cairo/cairo/commit/90e85c2493fdfa3551f202ff10282463f1e36645

Cheers,
Moritz
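
The bug class named in the CVE text above (an object released with a free function that does not match the allocator that produced it), as an added C example that is not part of this thread and is not cairo or WebKit code. Every name in it (`fast_alloc`, `library`, `lib_get_var`, `lib_done_var`, `apply_variations`) is hypothetical; the header-prefixed allocator only stands in for an embedder-supplied allocator.

```c
#include <stddef.h>
#include <stdlib.h>

/* Hypothetical embedder allocator (the role fastMalloc plays in the CVE
 * text). Each block has a header, so the pointer the caller sees is not a
 * pointer libc's malloc() returned; passing it to free() is invalid. */
typedef union { size_t size; max_align_t align; } hdr_t;
static size_t fast_live;                 /* blocks currently outstanding */

static void *fast_alloc(size_t n) {
    hdr_t *h = malloc(sizeof *h + n);
    if (!h) return NULL;
    h->size = n;
    fast_live++;
    return h + 1;
}
static void fast_release(void *p) {
    if (!p) return;
    fast_live--;
    free((hdr_t *)p - 1);                /* hand libc the pointer it issued */
}

/* Hypothetical library whose allocator is chosen by the embedder. */
typedef struct { void *(*alloc)(size_t); void (*release)(void *); } library;
typedef struct { unsigned num_axes; double coords[]; } var_data;

static var_data *lib_get_var(const library *lib, unsigned n) {
    var_data *v = lib->alloc(sizeof *v + n * sizeof(double));
    if (!v) return NULL;
    v->num_axes = n;
    for (unsigned i = 0; i < n; i++) v->coords[i] = 0.0;
    return v;
}
/* Paired destructor: releases through the allocator that made the object. */
static void lib_done_var(const library *lib, var_data *v) {
    if (v) lib->release(v);
}

/* Caller side. Returns the axis count, or -1 on allocation failure. */
static int apply_variations(const library *lib, unsigned n) {
    var_data *v = lib_get_var(lib, n);
    if (!v) return -1;
    int axes = (int)v->num_axes;
    /* free(v);  <- mismatched: only correct if lib->alloc happens to be malloc */
    lib_done_var(lib, v);
    return axes;
}

static const library fast_lib = { fast_alloc, fast_release };
static const library libc_lib = { malloc, free };

int main(void) {
    return (apply_variations(&fast_lib, 3) == 3 && fast_live == 0) ? 0 : 1;
}
```

The same caller works unchanged with either `fast_lib` or `libc_lib` because it never assumes which allocator sits behind the library.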