oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Invalid free in cairo_ft_apply_variations

From: Michael Catanzaro <mcatanzaro () igalia com>
Date: Fri, 07 Dec 2018 11:19:43 -0600
Hi,
cairo 1.16.0, in cairo_ft_apply_variations() in cairo-ft-font.c frees memory using the wrong free function, leading to memory corruption. Because cairo is used by WebKitGTK+, WPE WebKit, and the WinCairo port of WebKit, this issue can be triggered by web content. CVE-2018-19876 has been allocated by MITRE. For details, see: 

https://gitlab.freedesktop.org/cairo/cairo/merge_requests/5
We recommend Linux distros should patch cairo because the fix has not yet been integrated into the upstream source code repository: 

https://gitlab.freedesktop.org/cairo/cairo/merge_requests/5.patch
(warning: link provided for convenience, it is not a stable link)

Michael
Previous By Date Next
Previous By Thread Next

Current thread: