[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2016-1522":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":68,"aliases":78,"duplicate_of":9,"upstream":79,"downstream":80,"duplicates":99,"related":100,"reserved_at":9,"published_at":103,"modified_at":104,"state":105,"summary":106,"references_raw":114,"kevs":188,"epss":189,"epss_history":192,"metrics":451,"affected":462},"CVE-2016-1522","Code.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, does not consider recursive load calls during a size check, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly execute arbitrary code via a crafted Graphite smart font.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-119","Improper Restriction of Operations within the Bounds of a Memory Buffer","The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.","weakness","Stable","Class","High",[20,24,28,32,36,40,44,48,52,56,60,64],{"id":21,"name":22,"techniques":23},"CAPEC-10","Buffer Overflow via Environment Variables",[],{"id":25,"name":26,"techniques":27},"CAPEC-100","Overflow Buffers",[],{"id":29,"name":30,"techniques":31},"CAPEC-123","Buffer Manipulation",[],{"id":33,"name":34,"techniques":35},"CAPEC-14","Client-side Injection-induced Buffer Overflow",[],{"id":37,"name":38,"techniques":39},"CAPEC-24","Filter Failure through Buffer Overflow",[],{"id":41,"name":42,"techniques":43},"CAPEC-42","MIME Conversion",[],{"id":45,"name":46,"techniques":47},"CAPEC-44","Overflow Binary Resource File",[],{"id":49,"name":50,"techniques":51},"CAPEC-45","Buffer Overflow via Symbolic Links",[],{"id":53,"name":54,"techniques":55},"CAPEC-46","Overflow Variables and Tags",[],{"id":57,"name":58,"techniques":59},"CAPEC-47","Buffer Overflow via Parameter Expansion",[],{"id":61,"name":62,"techniques":63},"CAPEC-8","Buffer Overflow in an API Call",[],{"id":65,"name":66,"techniques":67},"CAPEC-9","Buffer Overflow in Local Command-Line Utilities",[],[69],{"_key":70,"name":71,"source":72,"url":73,"maturity":74,"reliability_score":75,"verified":76,"type":9,"platforms":77,"requires_auth":9,"exploitdb":9,"metasploit":9},"REF_92BECA5AB3615BDE","Exploit Reference (blog.talosintel.com)","reference","http://blog.talosintel.com/2016/02/vulnerability-spotlight-libgraphite.html","unknown",0.2,false,[],[],[],[81,83,85,87,89,91,93,95,97],{"_key":82},"RHSA-2016:0258",{"_key":84},"RHSA-2016:0594",{"_key":86},"RHSA-2016:0197",{"_key":88},"DSA-3479-1",{"_key":90},"MGASA-2016-0077",{"_key":92},"MGASA-2016-0078",{"_key":94},"UBUNTU-CVE-2016-1522",{"_key":96},"USN-2902-1",{"_key":98},"DEBIAN-CVE-2016-1522",[],[101,102],{"_key":90},{"_key":92},"2016-02-13T02:00:00.000Z","2024-08-05T23:02:11.533Z","Modified",{"cisa_kev":76,"cisa_ransomware":76,"cisa_vendor":9,"epss_severity":107,"epss_score":108,"severity":109,"severity_score":110,"severity_version":111,"severity_source":112,"severity_vector":113,"severity_status":105},"low",0.02415,"high",9.3,"v2.0","nvd","AV:N/AC:M/Au:N/C:C/I:C/A:C",[115,122,128,133,138,143,147,152,158,163,167,172,176,180,184],{"url":116,"sources":117,"tags":119},"https://security.gentoo.org/glsa/201701-35",[118,112],"cve.org",[120,121],"Vendor Advisory","X Refsource GENTOO",{"url":123,"sources":124,"tags":125},"http://www.securityfocus.com/bid/82991",[118,112],[126,127],"VDB Entry","X Refsource BID",{"url":129,"sources":130,"tags":131},"http://www.ubuntu.com/usn/USN-2902-1",[118,112],[120,132],"X Refsource UBUNTU",{"url":134,"sources":135,"tags":136},"http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",[118,112],[137],"X Refsource CONFIRM",{"url":139,"sources":140,"tags":141},"http://rhn.redhat.com/errata/RHSA-2016-0594.html",[118,112],[120,142],"X Refsource REDHAT",{"url":144,"sources":145,"tags":146},"http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html",[118,112],[137],{"url":148,"sources":149,"tags":150},"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00058.html",[118,112],[120,151],"X Refsource SUSE",{"url":153,"sources":154,"tags":155},"http://www.debian.org/security/2016/dsa-3479",[118,112],[120,156,157],"X Refsource DEBIAN","Third Party Advisory",{"url":73,"sources":159,"tags":160},[118,112],[161,162,157],"X Refsource MISC","Exploit",{"url":164,"sources":165,"tags":166},"http://rhn.redhat.com/errata/RHSA-2016-0258.html",[118,112],[120,142],{"url":168,"sources":169,"tags":170},"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177520.html",[118,112],[120,171,157],"X Refsource FEDORA",{"url":173,"sources":174,"tags":175},"http://rhn.redhat.com/errata/RHSA-2016-0197.html",[118,112],[120,142],{"url":177,"sources":178,"tags":179},"https://security.gentoo.org/glsa/201701-63",[118,112],[120,121],{"url":181,"sources":182,"tags":183},"http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184623.html",[118,112],[120,171,157],{"url":185,"sources":186,"tags":187},"http://www.mozilla.org/security/announce/2016/mfsa2016-14.html",[118,112],[137,120],[],{"date":190,"score":108,"percentile":191},"2026-06-04",0.85388,[193,197,200,203,206,209,212,215,218,221,224,227,229,232,235,238,241,244,247,250,253,256,258,260,264,267,270,273,276,279,282,285,288,290,293,296,299,302,305,308,311,314,316,319,322,325,328,331,334,337,340,343,346,349,352,355,358,361,364,367,370,373,375,378,380,383,385,388,390,392,394,396,399,402,405,408,411,414,416,419,422,425,428,431,433,436,439,442,445,448],{"date":194,"score":195,"percentile":196},"2025-11-04",0.01858,0.8244,{"date":198,"score":195,"percentile":199},"2025-11-05",0.82444,{"date":201,"score":195,"percentile":202},"2025-11-06",0.82448,{"date":204,"score":195,"percentile":205},"2025-11-07",0.82458,{"date":207,"score":195,"percentile":208},"2025-11-08",0.82464,{"date":210,"score":195,"percentile":211},"2025-11-09",0.8246,{"date":213,"score":195,"percentile":214},"2025-11-10",0.82453,{"date":216,"score":195,"percentile":217},"2025-11-11",0.82463,{"date":219,"score":195,"percentile":220},"2025-11-12",0.82472,{"date":222,"score":195,"percentile":223},"2025-11-13",0.82476,{"date":225,"score":195,"percentile":226},"2025-11-14",0.82478,{"date":228,"score":195,"percentile":220},"2025-11-15",{"date":230,"score":195,"percentile":231},"2025-11-16",0.82475,{"date":233,"score":195,"percentile":234},"2025-11-17",0.82473,{"date":236,"score":195,"percentile":237},"2025-11-18",0.81567,{"date":239,"score":195,"percentile":240},"2025-11-19",0.81568,{"date":242,"score":195,"percentile":243},"2025-11-20",0.81573,{"date":245,"score":195,"percentile":246},"2025-11-21",0.82485,{"date":248,"score":195,"percentile":249},"2025-11-22",0.82487,{"date":251,"score":195,"percentile":252},"2025-11-23",0.8248,{"date":254,"score":195,"percentile":255},"2025-11-24",0.82479,{"date":257,"score":195,"percentile":223},"2025-11-25",{"date":259,"score":195,"percentile":223},"2025-11-26",{"date":261,"score":262,"percentile":263},"2025-11-27",0.01626,0.81304,{"date":265,"score":262,"percentile":266},"2025-11-28",0.81295,{"date":268,"score":262,"percentile":269},"2025-11-29",0.81301,{"date":271,"score":262,"percentile":272},"2025-11-30",0.81306,{"date":274,"score":108,"percentile":275},"2025-12-01",0.84663,{"date":277,"score":108,"percentile":278},"2025-12-02",0.84666,{"date":280,"score":108,"percentile":281},"2025-12-03",0.84667,{"date":283,"score":108,"percentile":284},"2025-12-04",0.84597,{"date":286,"score":108,"percentile":287},"2025-12-05",0.846,{"date":289,"score":108,"percentile":287},"2025-12-06",{"date":291,"score":108,"percentile":292},"2025-12-07",0.84592,{"date":294,"score":108,"percentile":295},"2025-12-08",0.84594,{"date":297,"score":108,"percentile":298},"2025-12-09",0.84606,{"date":300,"score":108,"percentile":301},"2025-12-10",0.84629,{"date":303,"score":108,"percentile":304},"2025-12-11",0.84633,{"date":306,"score":108,"percentile":307},"2025-12-12",0.84639,{"date":309,"score":108,"percentile":310},"2025-12-13",0.84634,{"date":312,"score":108,"percentile":313},"2025-12-14",0.84635,{"date":315,"score":108,"percentile":310},"2025-12-15",{"date":317,"score":108,"percentile":318},"2025-12-16",0.84642,{"date":320,"score":108,"percentile":321},"2025-12-17",0.84645,{"date":323,"score":108,"percentile":324},"2025-12-18",0.84651,{"date":326,"score":108,"percentile":327},"2025-12-19",0.84657,{"date":329,"score":108,"percentile":330},"2025-12-20",0.84652,{"date":332,"score":108,"percentile":333},"2025-12-21",0.84654,{"date":335,"score":108,"percentile":336},"2025-12-22",0.84658,{"date":338,"score":108,"percentile":339},"2025-12-23",0.84662,{"date":341,"score":108,"percentile":342},"2025-12-24",0.8467,{"date":344,"score":108,"percentile":345},"2025-12-25",0.84685,{"date":347,"score":108,"percentile":348},"2025-12-26",0.84687,{"date":350,"score":108,"percentile":351},"2025-12-27",0.84739,{"date":353,"score":108,"percentile":354},"2025-12-28",0.84678,{"date":356,"score":108,"percentile":357},"2025-12-29",0.84674,{"date":359,"score":108,"percentile":360},"2025-12-30",0.8468,{"date":362,"score":108,"percentile":363},"2025-12-31",0.84691,{"date":365,"score":108,"percentile":366},"2026-01-01",0.84755,{"date":368,"score":108,"percentile":369},"2026-01-02",0.84753,{"date":371,"score":108,"percentile":372},"2026-01-03",0.84749,{"date":374,"score":108,"percentile":354},"2026-01-04",{"date":376,"score":108,"percentile":377},"2026-01-05",0.84672,{"date":379,"score":108,"percentile":354},"2026-01-06",{"date":381,"score":108,"percentile":382},"2026-01-07",0.84676,{"date":384,"score":108,"percentile":345},"2026-01-08",{"date":386,"score":108,"percentile":387},"2026-01-09",0.8469,{"date":389,"score":108,"percentile":348},"2026-01-10",{"date":391,"score":108,"percentile":345},"2026-01-11",{"date":393,"score":108,"percentile":360},"2026-01-12",{"date":395,"score":108,"percentile":354},"2026-01-13",{"date":397,"score":108,"percentile":398},"2026-01-14",0.84697,{"date":400,"score":108,"percentile":401},"2026-01-15",0.84694,{"date":403,"score":108,"percentile":404},"2026-01-16",0.84702,{"date":406,"score":108,"percentile":407},"2026-01-17",0.84707,{"date":409,"score":108,"percentile":410},"2026-01-18",0.84704,{"date":412,"score":108,"percentile":413},"2026-01-19",0.84698,{"date":415,"score":108,"percentile":404},"2026-01-20",{"date":417,"score":108,"percentile":418},"2026-01-21",0.84708,{"date":420,"score":108,"percentile":421},"2026-01-22",0.84712,{"date":423,"score":108,"percentile":424},"2026-01-23",0.84723,{"date":426,"score":108,"percentile":427},"2026-01-24",0.84733,{"date":429,"score":108,"percentile":430},"2026-01-25",0.84729,{"date":432,"score":108,"percentile":430},"2026-01-26",{"date":434,"score":108,"percentile":435},"2026-01-27",0.84732,{"date":437,"score":108,"percentile":438},"2026-01-28",0.84737,{"date":440,"score":108,"percentile":441},"2026-01-29",0.84738,{"date":443,"score":108,"percentile":444},"2026-01-30",0.8474,{"date":446,"score":108,"percentile":447},"2026-01-31",0.84741,{"date":449,"score":108,"percentile":450},"2026-02-01",0.8481,[452],{"source":112,"cvss_v2_0":453,"cvss_v3_0":456,"cvss_v3_1":9,"cvss_v4_0":9},{"baseScore":110,"baseSeverity":9,"vectorString":113,"impactScore":454,"exploitabilityScore":455},10,8.6,{"baseScore":457,"baseSeverity":458,"vectorString":459,"impactScore":460,"exploitabilityScore":461},8.8,"HIGH","CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",9.8,7.2,[463,474,482,513,521],{"ecosystem":9,"name":464,"vendor":465,"product":466,"cpe_part":467,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":468},"debian linux","debian","debian_linux","o",[469,472],{"version":470,"is_range":76,"range_type":471,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"7.0","cpe",{"version":473,"is_range":76,"range_type":471,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"8.0",{"ecosystem":9,"name":475,"vendor":476,"product":475,"cpe_part":467,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":477},"fedora","fedoraproject",[478,480],{"version":479,"is_range":76,"range_type":471,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"22",{"version":481,"is_range":76,"range_type":471,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"23",{"ecosystem":9,"name":483,"vendor":484,"product":483,"cpe_part":485,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":486},"firefox","mozilla","a",[487,489,491,493,495,497,499,501,503,505,507,509,511],{"version":488,"is_range":76,"range_type":471,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"38.0",{"version":490,"is_range":76,"range_type":471,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"38.0.1",{"version":492,"is_range":76,"range_type":471,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"38.0.5",{"version":494,"is_range":76,"range_type":471,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"38.1.0",{"version":496,"is_range":76,"range_type":471,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"38.1.1",{"version":498,"is_range":76,"range_type":471,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"38.2.0",{"version":500,"is_range":76,"range_type":471,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"38.2.1",{"version":502,"is_range":76,"range_type":471,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"38.3.0",{"version":504,"is_range":76,"range_type":471,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"38.4.0",{"version":506,"is_range":76,"range_type":471,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"38.5.0",{"version":508,"is_range":76,"range_type":471,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"38.5.1",{"version":510,"is_range":76,"range_type":471,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"38.5.2",{"version":512,"is_range":76,"range_type":471,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"38.6.0",{"ecosystem":9,"name":514,"vendor":484,"product":515,"cpe_part":485,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":516},"Thunderbird","thunderbird",[517],{"version":518,"is_range":519,"range_type":471,"version_start":9,"version_start_type":9,"version_end":508,"version_end_type":520,"fixed_in":9},"lte38.5.1",true,"including",{"ecosystem":9,"name":522,"vendor":523,"product":522,"cpe_part":485,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":524},"graphite2","sil",[525],{"version":526,"is_range":76,"range_type":471,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"1.2.4"]