[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2016-1521":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":68,"aliases":69,"duplicate_of":9,"upstream":70,"downstream":71,"duplicates":92,"related":93,"reserved_at":9,"published_at":97,"modified_at":98,"state":99,"summary":100,"references_raw":109,"kevs":195,"epss":196,"epss_history":199,"metrics":463,"affected":474},"CVE-2016-1521","The directrun function in directmachine.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, does not validate a certain skip operation, which allows remote attackers to execute arbitrary code, obtain sensitive information, or cause a denial of service (out-of-bounds read and application crash) via a crafted Graphite smart font.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-119","Improper Restriction of Operations within the Bounds of a Memory Buffer","The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.","weakness","Stable","Class","High",[20,24,28,32,36,40,44,48,52,56,60,64],{"id":21,"name":22,"techniques":23},"CAPEC-10","Buffer Overflow via Environment Variables",[],{"id":25,"name":26,"techniques":27},"CAPEC-100","Overflow Buffers",[],{"id":29,"name":30,"techniques":31},"CAPEC-123","Buffer Manipulation",[],{"id":33,"name":34,"techniques":35},"CAPEC-14","Client-side Injection-induced Buffer Overflow",[],{"id":37,"name":38,"techniques":39},"CAPEC-24","Filter Failure through Buffer Overflow",[],{"id":41,"name":42,"techniques":43},"CAPEC-42","MIME Conversion",[],{"id":45,"name":46,"techniques":47},"CAPEC-44","Overflow Binary Resource File",[],{"id":49,"name":50,"techniques":51},"CAPEC-45","Buffer Overflow via Symbolic Links",[],{"id":53,"name":54,"techniques":55},"CAPEC-46","Overflow Variables and Tags",[],{"id":57,"name":58,"techniques":59},"CAPEC-47","Buffer Overflow via Parameter Expansion",[],{"id":61,"name":62,"techniques":63},"CAPEC-8","Buffer Overflow in an API Call",[],{"id":65,"name":66,"techniques":67},"CAPEC-9","Buffer Overflow in Local Command-Line Utilities",[],[],[],[],[72,74,76,78,80,82,84,86,88,90],{"_key":73},"RHSA-2016:0258",{"_key":75},"RHSA-2016:0594",{"_key":77},"SUSE-SU-2016:0779-1",{"_key":79},"RHSA-2016:0197",{"_key":81},"DSA-3479-1",{"_key":83},"MGASA-2016-0077",{"_key":85},"MGASA-2016-0078",{"_key":87},"UBUNTU-CVE-2016-1521",{"_key":89},"USN-2902-1",{"_key":91},"DEBIAN-CVE-2016-1521",[],[94,95,96],{"_key":77},{"_key":83},{"_key":85},"2016-02-13T02:00:00.000Z","2024-08-05T23:02:11.563Z","Modified",{"cisa_kev":101,"cisa_ransomware":101,"cisa_vendor":9,"epss_severity":102,"epss_score":103,"severity":104,"severity_score":105,"severity_version":106,"severity_source":107,"severity_vector":108,"severity_status":99},false,"low",0.00846,"high",8.8,"v3.0","nvd","CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",[110,117,122,128,133,138,143,147,151,157,162,166,170,175,179,183,187,191],{"url":111,"sources":112,"tags":114},"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00088.html",[113,107],"cve.org",[115,116],"Vendor Advisory","X Refsource SUSE",{"url":118,"sources":119,"tags":120},"https://security.gentoo.org/glsa/201701-35",[113,107],[115,121],"X Refsource GENTOO",{"url":123,"sources":124,"tags":125},"http://www.securityfocus.com/bid/82991",[113,107],[126,127],"VDB Entry","X Refsource BID",{"url":129,"sources":130,"tags":131},"http://www.ubuntu.com/usn/USN-2902-1",[113,107],[115,132],"X Refsource UBUNTU",{"url":134,"sources":135,"tags":136},"http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",[113,107],[137],"X Refsource CONFIRM",{"url":139,"sources":140,"tags":141},"http://rhn.redhat.com/errata/RHSA-2016-0594.html",[113,107],[115,142],"X Refsource REDHAT",{"url":144,"sources":145,"tags":146},"http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html",[113,107],[137],{"url":148,"sources":149,"tags":150},"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00058.html",[113,107],[115,116],{"url":152,"sources":153,"tags":154},"http://www.debian.org/security/2016/dsa-3479",[113,107],[115,155,156],"X Refsource DEBIAN","Third Party Advisory",{"url":158,"sources":159,"tags":160},"http://blog.talosintel.com/2016/02/vulnerability-spotlight-libgraphite.html",[113,107],[161,156],"X Refsource MISC",{"url":163,"sources":164,"tags":165},"http://rhn.redhat.com/errata/RHSA-2016-0258.html",[113,107],[115,142],{"url":167,"sources":168,"tags":169},"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722",[113,107],[137],{"url":171,"sources":172,"tags":173},"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177520.html",[113,107],[115,174,156],"X Refsource FEDORA",{"url":176,"sources":177,"tags":178},"http://rhn.redhat.com/errata/RHSA-2016-0197.html",[113,107],[115,142],{"url":180,"sources":181,"tags":182},"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00052.html",[113,107],[115,116],{"url":184,"sources":185,"tags":186},"https://security.gentoo.org/glsa/201701-63",[113,107],[115,121],{"url":188,"sources":189,"tags":190},"http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184623.html",[113,107],[115,174,156],{"url":192,"sources":193,"tags":194},"http://www.mozilla.org/security/announce/2016/mfsa2016-14.html",[113,107],[137,156],[],{"date":197,"score":103,"percentile":198},"2026-06-04",0.75183,[200,204,207,210,213,216,219,222,225,228,231,234,237,240,243,246,249,252,255,258,261,263,265,268,271,274,276,279,282,285,288,291,294,297,300,303,306,309,312,315,318,321,324,326,329,332,335,338,341,344,347,350,353,356,359,362,364,367,370,373,376,379,382,385,388,391,394,397,400,403,406,409,411,414,417,420,423,425,428,431,434,437,440,443,445,448,451,454,457,460],{"date":201,"score":202,"percentile":203},"2025-11-04",0.00748,0.72295,{"date":205,"score":202,"percentile":206},"2025-11-05",0.72279,{"date":208,"score":202,"percentile":209},"2025-11-06",0.72276,{"date":211,"score":202,"percentile":212},"2025-11-07",0.72291,{"date":214,"score":202,"percentile":215},"2025-11-08",0.72289,{"date":217,"score":202,"percentile":218},"2025-11-09",0.72282,{"date":220,"score":202,"percentile":221},"2025-11-10",0.72272,{"date":223,"score":202,"percentile":224},"2025-11-11",0.72277,{"date":226,"score":202,"percentile":227},"2025-11-12",0.72294,{"date":229,"score":202,"percentile":230},"2025-11-13",0.72302,{"date":232,"score":202,"percentile":233},"2025-11-14",0.7231,{"date":235,"score":202,"percentile":236},"2025-11-15",0.72309,{"date":238,"score":202,"percentile":239},"2025-11-16",0.72305,{"date":241,"score":202,"percentile":242},"2025-11-17",0.723,{"date":244,"score":202,"percentile":245},"2025-11-18",0.7089,{"date":247,"score":202,"percentile":248},"2025-11-19",0.70898,{"date":250,"score":202,"percentile":251},"2025-11-20",0.70907,{"date":253,"score":202,"percentile":254},"2025-11-21",0.72323,{"date":256,"score":202,"percentile":257},"2025-11-22",0.72315,{"date":259,"score":202,"percentile":260},"2025-11-23",0.72299,{"date":262,"score":202,"percentile":215},"2025-11-24",{"date":264,"score":202,"percentile":212},"2025-11-25",{"date":266,"score":202,"percentile":267},"2025-11-26",0.72296,{"date":269,"score":202,"percentile":270},"2025-11-27",0.72298,{"date":272,"score":202,"percentile":273},"2025-11-28",0.72288,{"date":275,"score":202,"percentile":224},"2025-11-29",{"date":277,"score":202,"percentile":278},"2025-11-30",0.72273,{"date":280,"score":103,"percentile":281},"2025-12-01",0.74203,{"date":283,"score":103,"percentile":284},"2025-12-02",0.7421,{"date":286,"score":103,"percentile":287},"2025-12-03",0.74208,{"date":289,"score":103,"percentile":290},"2025-12-04",0.74077,{"date":292,"score":103,"percentile":293},"2025-12-05",0.74087,{"date":295,"score":103,"percentile":296},"2025-12-06",0.74089,{"date":298,"score":103,"percentile":299},"2025-12-07",0.74088,{"date":301,"score":103,"percentile":302},"2025-12-08",0.74092,{"date":304,"score":103,"percentile":305},"2025-12-09",0.74122,{"date":307,"score":103,"percentile":308},"2025-12-10",0.74154,{"date":310,"score":103,"percentile":311},"2025-12-11",0.74168,{"date":313,"score":103,"percentile":314},"2025-12-12",0.74191,{"date":316,"score":103,"percentile":317},"2025-12-13",0.74196,{"date":319,"score":103,"percentile":320},"2025-12-14",0.74195,{"date":322,"score":103,"percentile":323},"2025-12-15",0.74199,{"date":325,"score":103,"percentile":284},"2025-12-16",{"date":327,"score":103,"percentile":328},"2025-12-17",0.7422,{"date":330,"score":103,"percentile":331},"2025-12-18",0.7424,{"date":333,"score":103,"percentile":334},"2025-12-19",0.74256,{"date":336,"score":103,"percentile":337},"2025-12-20",0.74254,{"date":339,"score":103,"percentile":340},"2025-12-21",0.74246,{"date":342,"score":103,"percentile":343},"2025-12-22",0.74248,{"date":345,"score":103,"percentile":346},"2025-12-23",0.74238,{"date":348,"score":103,"percentile":349},"2025-12-24",0.7425,{"date":351,"score":103,"percentile":352},"2025-12-25",0.74277,{"date":354,"score":103,"percentile":355},"2025-12-26",0.74272,{"date":357,"score":103,"percentile":358},"2025-12-27",0.74318,{"date":360,"score":103,"percentile":361},"2025-12-28",0.74251,{"date":363,"score":103,"percentile":340},"2025-12-29",{"date":365,"score":103,"percentile":366},"2025-12-30",0.74263,{"date":368,"score":103,"percentile":369},"2025-12-31",0.74289,{"date":371,"score":103,"percentile":372},"2026-01-01",0.74431,{"date":374,"score":103,"percentile":375},"2026-01-02",0.74432,{"date":377,"score":103,"percentile":378},"2026-01-03",0.74434,{"date":380,"score":103,"percentile":381},"2026-01-04",0.743,{"date":383,"score":103,"percentile":384},"2026-01-05",0.74293,{"date":386,"score":103,"percentile":387},"2026-01-06",0.74309,{"date":389,"score":103,"percentile":390},"2026-01-07",0.74316,{"date":392,"score":103,"percentile":393},"2026-01-08",0.74329,{"date":395,"score":103,"percentile":396},"2026-01-09",0.74335,{"date":398,"score":103,"percentile":399},"2026-01-10",0.74331,{"date":401,"score":103,"percentile":402},"2026-01-11",0.74319,{"date":404,"score":103,"percentile":405},"2026-01-12",0.74308,{"date":407,"score":103,"percentile":408},"2026-01-13",0.74307,{"date":410,"score":103,"percentile":399},"2026-01-14",{"date":412,"score":103,"percentile":413},"2026-01-15",0.74339,{"date":415,"score":103,"percentile":416},"2026-01-16",0.74355,{"date":418,"score":103,"percentile":419},"2026-01-17",0.74352,{"date":421,"score":103,"percentile":422},"2026-01-18",0.74328,{"date":424,"score":103,"percentile":358},"2026-01-19",{"date":426,"score":103,"percentile":427},"2026-01-20",0.74324,{"date":429,"score":103,"percentile":430},"2026-01-21",0.74327,{"date":432,"score":103,"percentile":433},"2026-01-22",0.74333,{"date":435,"score":103,"percentile":436},"2026-01-23",0.74362,{"date":438,"score":103,"percentile":439},"2026-01-24",0.7437,{"date":441,"score":103,"percentile":442},"2026-01-25",0.74354,{"date":444,"score":103,"percentile":419},"2026-01-26",{"date":446,"score":103,"percentile":447},"2026-01-27",0.7436,{"date":449,"score":103,"percentile":450},"2026-01-28",0.74369,{"date":452,"score":103,"percentile":453},"2026-01-29",0.74368,{"date":455,"score":103,"percentile":456},"2026-01-30",0.74371,{"date":458,"score":103,"percentile":459},"2026-01-31",0.74375,{"date":461,"score":103,"percentile":462},"2026-02-01",0.74497,[464],{"source":107,"cvss_v2_0":465,"cvss_v3_0":470,"cvss_v3_1":9,"cvss_v4_0":9},{"baseScore":466,"baseSeverity":9,"vectorString":467,"impactScore":468,"exploitabilityScore":469},6.8,"AV:N/AC:M/Au:N/C:P/I:P/A:P",6.4,8.6,{"baseScore":105,"baseSeverity":471,"vectorString":108,"impactScore":472,"exploitabilityScore":473},"HIGH",9.8,7.2,[475,486,494,528,534],{"ecosystem":9,"name":476,"vendor":477,"product":478,"cpe_part":479,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":480},"debian linux","debian","debian_linux","o",[481,484],{"version":482,"is_range":101,"range_type":483,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"7.0","cpe",{"version":485,"is_range":101,"range_type":483,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"8.0",{"ecosystem":9,"name":487,"vendor":488,"product":487,"cpe_part":479,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":489},"fedora","fedoraproject",[490,492],{"version":491,"is_range":101,"range_type":483,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"22",{"version":493,"is_range":101,"range_type":483,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"23",{"ecosystem":9,"name":495,"vendor":496,"product":495,"cpe_part":497,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":498},"firefox","mozilla","a",[499,504,506,508,510,512,514,516,518,520,522,524,526],{"version":500,"is_range":501,"range_type":483,"version_start":9,"version_start_type":9,"version_end":502,"version_end_type":503,"fixed_in":9},"lte42.0",true,"42.0","including",{"version":505,"is_range":101,"range_type":483,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"38.0.1",{"version":507,"is_range":101,"range_type":483,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"38.0.5",{"version":509,"is_range":101,"range_type":483,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"38.1.0",{"version":511,"is_range":101,"range_type":483,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"38.1.1",{"version":513,"is_range":101,"range_type":483,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"38.2.0",{"version":515,"is_range":101,"range_type":483,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"38.2.1",{"version":517,"is_range":101,"range_type":483,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"38.3.0",{"version":519,"is_range":101,"range_type":483,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"38.4.0",{"version":521,"is_range":101,"range_type":483,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"38.5.0",{"version":523,"is_range":101,"range_type":483,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"38.5.1",{"version":525,"is_range":101,"range_type":483,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"38.5.2",{"version":527,"is_range":101,"range_type":483,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"38.6.0",{"ecosystem":9,"name":529,"vendor":496,"product":530,"cpe_part":497,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":531},"Thunderbird","thunderbird",[532],{"version":533,"is_range":501,"range_type":483,"version_start":9,"version_start_type":9,"version_end":523,"version_end_type":503,"fixed_in":9},"lte38.5.1",{"ecosystem":9,"name":535,"vendor":536,"product":535,"cpe_part":497,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":537},"graphite2","sil",[538],{"version":539,"is_range":501,"range_type":483,"version_start":9,"version_start_type":9,"version_end":540,"version_end_type":503,"fixed_in":9},"lte1.2.4","1.2.4"]