CVE-2016-1522

Code.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, does not consider recursive load calls during a size check, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly execute arbitrary code via a crafted Graphite smart font.
References
Link Resource
http://blog.talosintel.com/2016/02/vulnerability-spotlight-libgraphite.html Exploit Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177520.html Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184623.html Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00058.html
http://rhn.redhat.com/errata/RHSA-2016-0197.html
http://rhn.redhat.com/errata/RHSA-2016-0258.html
http://rhn.redhat.com/errata/RHSA-2016-0594.html
http://www.debian.org/security/2016/dsa-3479 Third Party Advisory
http://www.mozilla.org/security/announce/2016/mfsa2016-14.html Vendor Advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
http://www.securityfocus.com/bid/82991
http://www.ubuntu.com/usn/USN-2902-1
https://security.gentoo.org/glsa/201701-35
https://security.gentoo.org/glsa/201701-63
http://blog.talosintel.com/2016/02/vulnerability-spotlight-libgraphite.html Exploit Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177520.html Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184623.html Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00058.html
http://rhn.redhat.com/errata/RHSA-2016-0197.html
http://rhn.redhat.com/errata/RHSA-2016-0258.html
http://rhn.redhat.com/errata/RHSA-2016-0594.html
http://www.debian.org/security/2016/dsa-3479 Third Party Advisory
http://www.mozilla.org/security/announce/2016/mfsa2016-14.html Vendor Advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
http://www.securityfocus.com/bid/82991
http://www.ubuntu.com/usn/USN-2902-1
https://security.gentoo.org/glsa/201701-35
https://security.gentoo.org/glsa/201701-63
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:mozilla:firefox:38.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:38.0.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:38.0.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:38.1.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:38.1.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:38.2.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:38.2.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:38.3.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:38.4.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:38.5.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:38.5.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:38.5.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:38.6.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Configuration 4 (hide)

cpe:2.3:a:sil:graphite2:1.2.4:*:*:*:*:*:*:*

History

21 Nov 2024, 02:46

Type Values Removed Values Added
References () http://blog.talosintel.com/2016/02/vulnerability-spotlight-libgraphite.html - Exploit, Third Party Advisory () http://blog.talosintel.com/2016/02/vulnerability-spotlight-libgraphite.html - Exploit, Third Party Advisory
References () http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177520.html - Third Party Advisory () http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177520.html - Third Party Advisory
References () http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184623.html - Third Party Advisory () http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184623.html - Third Party Advisory
References () http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00058.html - () http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00058.html -
References () http://rhn.redhat.com/errata/RHSA-2016-0197.html - () http://rhn.redhat.com/errata/RHSA-2016-0197.html -
References () http://rhn.redhat.com/errata/RHSA-2016-0258.html - () http://rhn.redhat.com/errata/RHSA-2016-0258.html -
References () http://rhn.redhat.com/errata/RHSA-2016-0594.html - () http://rhn.redhat.com/errata/RHSA-2016-0594.html -
References () http://www.debian.org/security/2016/dsa-3479 - Third Party Advisory () http://www.debian.org/security/2016/dsa-3479 - Third Party Advisory
References () http://www.mozilla.org/security/announce/2016/mfsa2016-14.html - Vendor Advisory () http://www.mozilla.org/security/announce/2016/mfsa2016-14.html - Vendor Advisory
References () http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html - () http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html -
References () http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html - () http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html -
References () http://www.securityfocus.com/bid/82991 - () http://www.securityfocus.com/bid/82991 -
References () http://www.ubuntu.com/usn/USN-2902-1 - () http://www.ubuntu.com/usn/USN-2902-1 -
References () https://security.gentoo.org/glsa/201701-35 - () https://security.gentoo.org/glsa/201701-35 -
References () https://security.gentoo.org/glsa/201701-63 - () https://security.gentoo.org/glsa/201701-63 -

22 Oct 2024, 13:42

Type Values Removed Values Added
CPE cpe:2.3:a:mozilla:firefox_esr:38.0.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_esr:38.1.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_esr:38.0.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_esr:38.2.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_esr:38.2.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_esr:38.3.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_esr:38.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_esr:38.1.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_esr:38.4.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:38.3.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:38.0.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:38.2.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:38.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:38.4.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:38.1.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:38.0.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:38.1.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:38.2.0:*:*:*:*:*:*:*

21 Oct 2024, 13:11

Type Values Removed Values Added
First Time Mozilla firefox
CPE cpe:2.3:a:mozilla:firefox_esr:38.5.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_esr:38.6.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_esr:38.5.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_esr:38.5.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:38.6.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:38.5.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:38.5.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:38.5.2:*:*:*:*:*:*:*

Information

Published : 2016-02-13 02:59

Updated : 2024-11-21 02:46


NVD link : CVE-2016-1522

Mitre link : CVE-2016-1522

CVE.ORG link : CVE-2016-1522


JSON object : View

Products Affected

mozilla

  • firefox
  • thunderbird

sil

  • graphite2

fedoraproject

  • fedora

debian

  • debian_linux
CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer