Red Hat Security Advisory 2016-2601-02 - Fontconfig is designed to locate fonts within the system and select them according to requirements specified by applications. Security Fix: It was found that cache files were insufficiently validated in fontconfig. A local attacker could create a specially crafted cache file to trigger arbitrary free() calls, which in turn could lead to arbitrary code execution.
Ubuntu Security Notice 3063-1 - Tobias Stoeckmann discovered that Fontconfig incorrectly handled cache files. A local attacker could possibly use this issue with a specially crafted cache file to elevate privileges.
Debian Linux Security Advisory 3644-1 - Tobias Stoeckmann discovered that cache files are insufficiently validated in fontconfig, a generic font configuration library. An attacker can trigger arbitrary free() calls, which in turn allows double free attacks and therefore arbitrary code execution. In combination with setuid binaries using crafted cache files, this could allow privilege escalation.