[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2016-1977":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":68,"aliases":69,"duplicate_of":9,"upstream":70,"downstream":71,"duplicates":114,"related":115,"reserved_at":9,"published_at":127,"modified_at":128,"state":129,"summary":130,"references_raw":139,"kevs":256,"epss":257,"epss_history":260,"metrics":524,"affected":535},"CVE-2016-1977","The Machine::Code::decoder::analysis::set_ref function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via a crafted Graphite smart font.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-119","Improper Restriction of Operations within the Bounds of a Memory Buffer","The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.","weakness","Stable","Class","High",[20,24,28,32,36,40,44,48,52,56,60,64],{"id":21,"name":22,"techniques":23},"CAPEC-10","Buffer Overflow via Environment Variables",[],{"id":25,"name":26,"techniques":27},"CAPEC-100","Overflow Buffers",[],{"id":29,"name":30,"techniques":31},"CAPEC-123","Buffer Manipulation",[],{"id":33,"name":34,"techniques":35},"CAPEC-14","Client-side Injection-induced Buffer Overflow",[],{"id":37,"name":38,"techniques":39},"CAPEC-24","Filter Failure through Buffer Overflow",[],{"id":41,"name":42,"techniques":43},"CAPEC-42","MIME Conversion",[],{"id":45,"name":46,"techniques":47},"CAPEC-44","Overflow Binary Resource File",[],{"id":49,"name":50,"techniques":51},"CAPEC-45","Buffer Overflow via Symbolic Links",[],{"id":53,"name":54,"techniques":55},"CAPEC-46","Overflow Variables and Tags",[],{"id":57,"name":58,"techniques":59},"CAPEC-47","Buffer Overflow via Parameter Expansion",[],{"id":61,"name":62,"techniques":63},"CAPEC-8","Buffer Overflow in an API Call",[],{"id":65,"name":66,"techniques":67},"CAPEC-9","Buffer Overflow in Local Command-Line Utilities",[],[],[],[],[72,74,76,78,80,82,84,86,88,90,92,94,96,98,100,102,104,106,108,110,112],{"_key":73},"RHSA-2016:0373",{"_key":75},"RHSA-2016:0460",{"_key":77},"OPENSUSE-SU-2024:10071-1",{"_key":79},"SUSE-SU-2016:0727-1",{"_key":81},"SUSE-SU-2016:0777-1",{"_key":83},"SUSE-SU-2016:0909-1",{"_key":85},"OPENSUSE-SU-2016:1769-1",{"_key":87},"OPENSUSE-SU-2016:1778-1",{"_key":89},"OPENSUSE-SU-2024:10230-1",{"_key":91},"OPENSUSE-SU-2024:14572-1",{"_key":93},"DSA-3510-1",{"_key":95},"DSA-3515-1",{"_key":97},"DSA-3520-1",{"_key":99},"MGASA-2016-0097",{"_key":101},"MGASA-2016-0105",{"_key":103},"MGASA-2016-0115",{"_key":105},"UBUNTU-CVE-2016-1977",{"_key":107},"USN-2917-1",{"_key":109},"USN-2927-1",{"_key":111},"USN-2934-1",{"_key":113},"DEBIAN-CVE-2016-1977",[],[116,117,118,119,120,121,122,123,124,125,126],{"_key":77},{"_key":79},{"_key":81},{"_key":83},{"_key":85},{"_key":87},{"_key":89},{"_key":91},{"_key":99},{"_key":101},{"_key":103},"2016-03-13T18:00:00.000Z","2024-08-05T23:17:50.321Z","Modified",{"cisa_kev":131,"cisa_ransomware":131,"cisa_vendor":9,"epss_severity":132,"epss_score":133,"severity":134,"severity_score":135,"severity_version":136,"severity_source":137,"severity_vector":138,"severity_status":129},false,"low",0.00701,"high",8.8,"v3.0","nvd","CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",[140,148,154,158,162,167,171,175,179,183,188,193,197,202,206,210,214,218,222,227,231,236,240,244,248,252],{"url":141,"sources":142,"tags":144},"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00091.html",[143,137],"cve.org",[145,146,147],"Vendor Advisory","X Refsource SUSE","Third Party Advisory",{"url":149,"sources":150,"tags":151},"http://www.securityfocus.com/bid/84222",[143,137],[152,153],"VDB Entry","X Refsource BID",{"url":155,"sources":156,"tags":157},"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html",[143,137],[145,146],{"url":159,"sources":160,"tags":161},"http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00006.html",[143,137],[145,146,147],{"url":163,"sources":164,"tags":165},"http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html",[143,137],[166,147],"X Refsource CONFIRM",{"url":168,"sources":169,"tags":170},"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html",[143,137],[145,146],{"url":172,"sources":173,"tags":174},"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html",[143,137],[145,146],{"url":176,"sources":177,"tags":178},"http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00008.html",[143,137],[145,146,147],{"url":180,"sources":181,"tags":182},"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00089.html",[143,137],[145,146],{"url":184,"sources":185,"tags":186},"http://www.ubuntu.com/usn/USN-2917-1",[143,137],[145,187],"X Refsource UBUNTU",{"url":189,"sources":190,"tags":191},"https://bugzilla.mozilla.org/show_bug.cgi?id=1248876",[143,137],[166,192],"Issue Tracking",{"url":194,"sources":195,"tags":196},"http://www.ubuntu.com/usn/USN-2927-1",[143,137],[145,187],{"url":198,"sources":199,"tags":200},"http://www.debian.org/security/2016/dsa-3520",[143,137],[145,201],"X Refsource DEBIAN",{"url":203,"sources":204,"tags":205},"http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00007.html",[143,137],[145,146,147],{"url":207,"sources":208,"tags":209},"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html",[143,137],[145,146],{"url":211,"sources":212,"tags":213},"http://www.debian.org/security/2016/dsa-3510",[143,137],[145,201],{"url":215,"sources":216,"tags":217},"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html",[143,137],[145,146],{"url":219,"sources":220,"tags":221},"http://www.mozilla.org/security/announce/2016/mfsa2016-37.html",[143,137],[166,145],{"url":223,"sources":224,"tags":225},"http://www.securitytracker.com/id/1035215",[143,137],[152,226],"X Refsource SECTRACK",{"url":228,"sources":229,"tags":230},"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html",[143,137],[145,146],{"url":232,"sources":233,"tags":234},"https://security.gentoo.org/glsa/201605-06",[143,137],[145,235],"X Refsource GENTOO",{"url":237,"sources":238,"tags":239},"http://www.debian.org/security/2016/dsa-3515",[143,137],[145,201],{"url":241,"sources":242,"tags":243},"http://www.ubuntu.com/usn/USN-2934-1",[143,137],[145,187],{"url":245,"sources":246,"tags":247},"https://security.gentoo.org/glsa/201701-63",[143,137],[145,235],{"url":249,"sources":250,"tags":251},"http://www.ubuntu.com/usn/USN-2917-2",[143,137],[145,187],{"url":253,"sources":254,"tags":255},"http://www.ubuntu.com/usn/USN-2917-3",[143,137],[145,187],[],{"date":258,"score":133,"percentile":259},"2026-06-04",0.72412,[261,265,268,271,274,277,279,282,285,288,291,294,297,300,303,306,309,312,315,318,321,324,327,330,332,335,338,341,344,347,350,352,354,357,359,362,365,368,371,374,377,380,383,386,389,392,395,398,401,404,407,410,413,416,419,422,425,427,430,433,436,439,442,445,448,451,454,457,460,463,466,468,471,473,476,479,482,485,488,491,494,497,500,503,506,509,512,515,518,521],{"date":262,"score":263,"percentile":264},"2025-11-04",0.00963,0.7577,{"date":266,"score":263,"percentile":267},"2025-11-05",0.75766,{"date":269,"score":263,"percentile":270},"2025-11-06",0.75763,{"date":272,"score":263,"percentile":273},"2025-11-07",0.75779,{"date":275,"score":263,"percentile":276},"2025-11-08",0.75781,{"date":278,"score":263,"percentile":273},"2025-11-09",{"date":280,"score":263,"percentile":281},"2025-11-10",0.75769,{"date":283,"score":263,"percentile":284},"2025-11-11",0.75771,{"date":286,"score":263,"percentile":287},"2025-11-12",0.75791,{"date":289,"score":263,"percentile":290},"2025-11-13",0.75798,{"date":292,"score":263,"percentile":293},"2025-11-14",0.75804,{"date":295,"score":263,"percentile":296},"2025-11-15",0.75801,{"date":298,"score":263,"percentile":299},"2025-11-16",0.75802,{"date":301,"score":263,"percentile":302},"2025-11-17",0.75794,{"date":304,"score":263,"percentile":305},"2025-11-18",0.74573,{"date":307,"score":263,"percentile":308},"2025-11-19",0.74581,{"date":310,"score":263,"percentile":311},"2025-11-20",0.7459,{"date":313,"score":263,"percentile":314},"2025-11-21",0.75825,{"date":316,"score":263,"percentile":317},"2025-11-22",0.75826,{"date":319,"score":263,"percentile":320},"2025-11-23",0.7581,{"date":322,"score":263,"percentile":323},"2025-11-24",0.75811,{"date":325,"score":263,"percentile":326},"2025-11-25",0.75819,{"date":328,"score":263,"percentile":329},"2025-11-26",0.75823,{"date":331,"score":263,"percentile":317},"2025-11-27",{"date":333,"score":263,"percentile":334},"2025-11-28",0.75814,{"date":336,"score":263,"percentile":337},"2025-11-29",0.75817,{"date":339,"score":263,"percentile":340},"2025-11-30",0.75816,{"date":342,"score":263,"percentile":343},"2025-12-01",0.75944,{"date":345,"score":263,"percentile":346},"2025-12-02",0.75951,{"date":348,"score":263,"percentile":349},"2025-12-03",0.75941,{"date":351,"score":263,"percentile":320},"2025-12-04",{"date":353,"score":263,"percentile":326},"2025-12-05",{"date":355,"score":263,"percentile":356},"2025-12-06",0.75822,{"date":358,"score":263,"percentile":326},"2025-12-07",{"date":360,"score":263,"percentile":361},"2025-12-08",0.75824,{"date":363,"score":263,"percentile":364},"2025-12-09",0.7585,{"date":366,"score":263,"percentile":367},"2025-12-10",0.75875,{"date":369,"score":263,"percentile":370},"2025-12-11",0.75894,{"date":372,"score":263,"percentile":373},"2025-12-12",0.75917,{"date":375,"score":263,"percentile":376},"2025-12-13",0.75919,{"date":378,"score":263,"percentile":379},"2025-12-14",0.75915,{"date":381,"score":263,"percentile":382},"2025-12-15",0.75913,{"date":384,"score":263,"percentile":385},"2025-12-16",0.75925,{"date":387,"score":263,"percentile":388},"2025-12-17",0.75937,{"date":390,"score":263,"percentile":391},"2025-12-18",0.75955,{"date":393,"score":263,"percentile":394},"2025-12-19",0.7597,{"date":396,"score":263,"percentile":397},"2025-12-20",0.75962,{"date":399,"score":263,"percentile":400},"2025-12-21",0.75957,{"date":402,"score":263,"percentile":403},"2025-12-22",0.75954,{"date":405,"score":263,"percentile":406},"2025-12-23",0.75952,{"date":408,"score":263,"percentile":409},"2025-12-24",0.7596,{"date":411,"score":263,"percentile":412},"2025-12-25",0.75981,{"date":414,"score":263,"percentile":415},"2025-12-26",0.75979,{"date":417,"score":263,"percentile":418},"2025-12-27",0.76036,{"date":420,"score":263,"percentile":421},"2025-12-28",0.75963,{"date":423,"score":263,"percentile":424},"2025-12-29",0.75959,{"date":426,"score":263,"percentile":394},"2025-12-30",{"date":428,"score":263,"percentile":429},"2025-12-31",0.75992,{"date":431,"score":263,"percentile":432},"2026-01-01",0.7613,{"date":434,"score":263,"percentile":435},"2026-01-02",0.76133,{"date":437,"score":263,"percentile":438},"2026-01-03",0.76132,{"date":440,"score":263,"percentile":441},"2026-01-04",0.75999,{"date":443,"score":263,"percentile":444},"2026-01-05",0.75991,{"date":446,"score":263,"percentile":447},"2026-01-06",0.76002,{"date":449,"score":263,"percentile":450},"2026-01-07",0.76011,{"date":452,"score":263,"percentile":453},"2026-01-08",0.76022,{"date":455,"score":263,"percentile":456},"2026-01-09",0.76029,{"date":458,"score":263,"percentile":459},"2026-01-10",0.76031,{"date":461,"score":263,"percentile":462},"2026-01-11",0.76016,{"date":464,"score":263,"percentile":465},"2026-01-12",0.76003,{"date":467,"score":263,"percentile":447},"2026-01-13",{"date":469,"score":263,"percentile":470},"2026-01-14",0.7603,{"date":472,"score":263,"percentile":418},"2026-01-15",{"date":474,"score":263,"percentile":475},"2026-01-16",0.76048,{"date":477,"score":263,"percentile":478},"2026-01-17",0.76046,{"date":480,"score":263,"percentile":481},"2026-01-18",0.76038,{"date":483,"score":133,"percentile":484},"2026-01-19",0.71502,{"date":486,"score":133,"percentile":487},"2026-01-20",0.7151,{"date":489,"score":133,"percentile":490},"2026-01-21",0.71514,{"date":492,"score":133,"percentile":493},"2026-01-22",0.71525,{"date":495,"score":133,"percentile":496},"2026-01-23",0.71555,{"date":498,"score":133,"percentile":499},"2026-01-24",0.71561,{"date":501,"score":133,"percentile":502},"2026-01-25",0.7154,{"date":504,"score":133,"percentile":505},"2026-01-26",0.71536,{"date":507,"score":133,"percentile":508},"2026-01-27",0.71539,{"date":510,"score":133,"percentile":511},"2026-01-28",0.71556,{"date":513,"score":133,"percentile":514},"2026-01-29",0.71554,{"date":516,"score":133,"percentile":517},"2026-01-30",0.7156,{"date":519,"score":133,"percentile":520},"2026-01-31",0.71563,{"date":522,"score":133,"percentile":523},"2026-02-01",0.71689,[525],{"source":137,"cvss_v2_0":526,"cvss_v3_0":531,"cvss_v3_1":9,"cvss_v4_0":9},{"baseScore":527,"baseSeverity":9,"vectorString":528,"impactScore":529,"exploitabilityScore":530},6.8,"AV:N/AC:M/Au:N/C:P/I:P/A:P",6.4,8.6,{"baseScore":135,"baseSeverity":532,"vectorString":138,"impactScore":533,"exploitabilityScore":534},"HIGH",9.8,7.2,[536,573,580,586,596,603],{"ecosystem":9,"name":537,"vendor":538,"product":537,"cpe_part":539,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":540},"firefox","mozilla","a",[541,547,549,551,553,555,557,559,561,563,565,567,569,571],{"version":542,"is_range":543,"range_type":544,"version_start":9,"version_start_type":9,"version_end":545,"version_end_type":546,"fixed_in":9},"lte44.0.2",true,"cpe","44.0.2","including",{"version":548,"is_range":131,"range_type":544,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"38.0",{"version":550,"is_range":131,"range_type":544,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"38.0.1",{"version":552,"is_range":131,"range_type":544,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"38.0.5",{"version":554,"is_range":131,"range_type":544,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"38.1.0",{"version":556,"is_range":131,"range_type":544,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"38.1.1",{"version":558,"is_range":131,"range_type":544,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"38.2.0",{"version":560,"is_range":131,"range_type":544,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"38.2.1",{"version":562,"is_range":131,"range_type":544,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"38.3.0",{"version":564,"is_range":131,"range_type":544,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"38.4.0",{"version":566,"is_range":131,"range_type":544,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"38.5.0",{"version":568,"is_range":131,"range_type":544,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"38.5.1",{"version":570,"is_range":131,"range_type":544,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"38.6.0",{"version":572,"is_range":131,"range_type":544,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"38.6.1",{"ecosystem":9,"name":574,"vendor":575,"product":574,"cpe_part":576,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":577},"leap","opensuse","o",[578],{"version":579,"is_range":131,"range_type":544,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"42.1",{"ecosystem":9,"name":575,"vendor":575,"product":575,"cpe_part":576,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":581},[582,584],{"version":583,"is_range":131,"range_type":544,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"13.1",{"version":585,"is_range":131,"range_type":544,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"13.2",{"ecosystem":9,"name":587,"vendor":588,"product":587,"cpe_part":576,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":589},"linux","oracle",[590,592,594],{"version":591,"is_range":131,"range_type":544,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"5.0",{"version":593,"is_range":131,"range_type":544,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"6",{"version":595,"is_range":131,"range_type":544,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"7",{"ecosystem":9,"name":597,"vendor":598,"product":597,"cpe_part":539,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":599},"graphite2","sil",[600],{"version":601,"is_range":543,"range_type":544,"version_start":9,"version_start_type":9,"version_end":602,"version_end_type":546,"fixed_in":9},"lte1.3.5","1.3.5",{"ecosystem":9,"name":604,"vendor":605,"product":606,"cpe_part":576,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":607},"linux enterprise","suse","linux_enterprise",[608],{"version":609,"is_range":131,"range_type":544,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"12.0"]