fontconfig before 2.12.1 does not validate offsets, which allows local users to trigger arbitrary free calls and consequently conduct double free attacks and execute arbitrary code via a crafted. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
RCE
Fedora
Fontconfig
Debian Linux
Ubuntu Linux
NVD
CVSS 3.1
7.8
EPSS
0.2%