oss-sec mailing list archives
Invalid free in cairo_ft_apply_variations
From: Michael Catanzaro <mcatanzaro () igalia com>
Date: Fri, 07 Dec 2018 11:19:43 -0600
Hi,cairo 1.16.0, in cairo_ft_apply_variations() in cairo-ft-font.c frees memory using the wrong free function, leading to memory corruption. Because cairo is used by WebKitGTK+, WPE WebKit, and the WinCairo port of WebKit, this issue can be triggered by web content. CVE-2018-19876 has been allocated by MITRE. For details, see:
https://gitlab.freedesktop.org/cairo/cairo/merge_requests/5We recommend Linux distros should patch cairo because the fix has not yet been integrated into the upstream source code repository:
https://gitlab.freedesktop.org/cairo/cairo/merge_requests/5.patch (warning: link provided for convenience, it is not a stable link) Michael
Current thread:
- Invalid free in cairo_ft_apply_variations Michael Catanzaro (Dec 07)