Detections
Analytics
Alpine: multiple fontconfig packages: security update to 2.12.0-r0 (deprecated)
high Tenable Self-Hosted Container Security Plugin ID 400961
Description
There are packages installed that are affected by a vulnerability referenced in the following CVE:- fontconfig before 2.12.1 does not validate offsets, which allows local users to trigger arbitrary free
calls and consequently conduct double free attacks and execute arbitrary code via a crafted cache file.
(CVE-2016-5384)
See Also
https://git.alpinelinux.org/aports/commit/?id=39328beab9f2160125dffe1b9eb31d3e81916407
https://git.alpinelinux.org/aports/commit/?id=f72f37cc991add62e688f5a0a264ed6fdc686edb
Plugin Details
Severity: High
ID: 400961
Version: Revision 1.22
Type: Local
Published: 8/16/2023
Updated: 1/17/2024
Supported Sensors: Agentless Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: Medium
Base Score: 4.6
Temporal Score: 3.4
Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P
CVSS Score Source: CVE-2016-5384
CVSS v3
Risk Factor: High
Base Score: 7.8
Temporal Score: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
Exploit Ease: No known exploits are available
Patch Publication Date: 8/10/2016
Vulnerability Publication Date: 6/28/2016
Reference Information
CVE: CVE-2016-5384
BID: 92339