Cairo · Cairo · CVE-2018-19876
**Name of the Vulnerable Software and Affected Versions**
cairo version 1.16.0
**Description**
The issue occurs in the `cairo ft apply variations()` function, located in `cairo-ft-font.c`, where memory is freed using a function incompatible with WebKit's `fastMalloc`, resulting in an application crash with a "free(): invalid pointer" error.
**Recommendations**
For cairo version 1.16.0, at the moment, there is no information about a newer version that contains a fix for this vulnerability.