CVE-2016-1522

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Graphite 2 versions 1.2.4 and earlier Mozilla Firefox versions prior to 43.0 Mozilla Firefox ESR versions 38.x prior to 38.6.1

Description The issue is caused by a heap-based buffer overflow in the Code.cpp function of the Libgraphite component in Graphite 2, which is used in Mozilla Firefox and Thunderbird. This can be exploited by a remote attacker using a specially crafted Graphite smart font, potentially allowing them to cause a denial of service or execute arbitrary code.

Recommendations For Graphite 2 version 1.2.4 and earlier, update to a version later than 1.2.4 to resolve the issue. For Mozilla Firefox versions prior to 43.0, update to version 43.0 or later. For Mozilla Firefox ESR versions 38.x prior to 38.6.1, update to version 38.6.1 or later.

Exploit

Fix

DoS

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

ALT-PU-2015-1539

ALT-PU-2016-1101

ALT-PU-2016-1130

ALT-PU-2016-1136

BDU:2016-00574

CESA-2016_0197

CESA-2016_0258

CESA-2016_0594

CVE-2016-1522

DSA-3479-1

MGASA-2016-0077

MGASA-2016-0078

OPENSUSE-SU-2016_0791-1

RHSA-2016:0197

RHSA-2016:0258

RHSA-2016:0594

RHSA-2016_0197

RHSA-2016_0258

RHSA-2016_0594

USN-2902-1

Affected Products

Alt Linux

Centos

Graphite 2

Firefox

Firefox Esr

Red Hat

Suse

Thunderbird

Ubuntu

CVE-2016-1522

Weakness Enumeration

Related Identifiers

Affected Products

References · 117