fribidi: Stack-based buffer overflow (CVE-2019-18397)
The vulnerability allows a remote attacker to execute arbitrary code on the target system. The vulnerability exists due to a boundary error in GNU fribidi when processing a large number of unicode isolate directional characters. A remote attacker can trigger stack-based buffer overflow and execute arbitrary code on the target system. Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
From 1.0.0 to 1.0.7
- Fixed by: https://github.com/fribidi/fribidi/commit/034c6e9a1d296286305f4cfd1e0072b879f52568
- Introduced by: https://github.com/fribidi/fribidi/commit/f20b6480b9cd46dae8d82a6f95d9c53558fcfd20 (v1.0.0)