CVE-2016-1523
Advisory lineage Upstream: 0 Downstream: 16
Modified
Published: 13 Feb 2016, 02:00
Last modified:05 Aug 2024, 23:02
Vulnerability Summary
Overall Risk (default)
medium
26/100 CVSS Score
6.5 MEDIUM
v3.0 (nvd)
EPSS Score
1.34% LOW
1% probability 0.00%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
13 Feb 2016, 02:00
Published
Vulnerability first disclosed
05 Aug 2024, 23:02
Last Modified
Vulnerability information updated
Description
The SillMap::readFace function in FeatureMap.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, mishandles a return value, which allows remote attackers to cause a denial of service (missing initialization, NULL pointer dereference, and application crash) via a crafted Graphite smart font.
CVSS Metrics
- v3.0•MEDIUM•Score: 6.5CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
- v2.0•MEDIUM•Score: 4.3AV:N/AC:M/Au:N/C:N/I:N/A:P
EPSS Trends
Current EPSS score: 1.34%• Percentile: 80%
Affected Systems
- debian•debian_linux
7.0 | 8.0
- fedoraproject•fedora
22 | 23
- mozilla•firefox
38.0 | 38.0.1 | 38.0.5 | 38.1.0 | 38.1.1 | 38.2.0 | 38.2.1 | 38.3.0 | 38.4.0 | 38.5.0 | 38.5.1 | 38.5.2 | 38.6.0
- mozilla•thunderbird
≤ 38.5.1
- sil•graphite2
1.2.4
References (25)
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00088.html
- https://security.gentoo.org/glsa/201701-35
- http://www.debian.org/security/2016/dsa-3491
- http://www.securityfocus.com/bid/82991
- http://www.debian.org/security/2016/dsa-3477
- http://www.ubuntu.com/usn/USN-2902-1
- http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00055.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
- http://rhn.redhat.com/errata/RHSA-2016-0594.html
- http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00053.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
- http://www.securitytracker.com/id/1035017
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00058.html
- http://www.debian.org/security/2016/dsa-3479
- http://blog.talosintel.com/2016/02/vulnerability-spotlight-libgraphite.html
- http://rhn.redhat.com/errata/RHSA-2016-0258.html
- http://www.ubuntu.com/usn/USN-2904-1
- https://bugzilla.mozilla.org/show_bug.cgi?id=1246093
- http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177520.html
- https://security.gentoo.org/glsa/201605-06
- http://rhn.redhat.com/errata/RHSA-2016-0197.html
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00052.html
- https://security.gentoo.org/glsa/201701-63
- http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184623.html
- http://www.mozilla.org/security/announce/2016/mfsa2016-14.html