On Thu, Dec 06, 2018 at 09:59:39PM +0100, Salvatore Bonaccorso wrote:
> Source: cairo
> Version: 1.16.0-1
> Severity: important
> Tags: security upstream
> Forwarded: https://gitlab.freedesktop.org/cairo/cairo/merge_requests/5
>
> Hi,
>
> The following vulnerability was published for cairo.
>
> CVE-2018-19876[0]:
> | cairo 1.16.0, in cairo_ft_apply_variations() in cairo-ft-font.c, would
> | free memory using a free function incompatible with WebKit's
> | fastMalloc, leading to an application crash with a "free(): invalid
> | pointer" error.

Fixed in https://gitlab.freedesktop.org/cairo/cairo/commit/90e85c2493fdfa3551f202ff10282463f1e36645

Cheers,
Moritz