PT-2016-1278 · Silicon Graphics+6 · Libgraphite+7

Holger Fuhrmannek · Published 2015-06-14 · Updated 2024-10-22 · CVE-2016-1523

CVSS v3.1: 6.5 Medium

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Libgraphite versions 1.2.4
Mozilla Firefox versions prior to 43.0
Firefox ESR versions prior to 38.6.1

Description

The SillMap::readFace function in FeatureMap.cpp mishandles a return value. Remote attackers can exploit this with a crafted Graphite smart font to cause a denial of service, including missing initialization, NULL pointer dereference, and application crash.

Recommendations

For Libgraphite version 1.2.4, update to a version that fixes the SillMap::readFace function issue.
For Mozilla Firefox versions prior to 43.0, update to version 43.0 or later.
For Firefox ESR versions prior to 38.6.1, update to version 38.6.1 or later.

Fix

Weakness Enumeration

NULL Pointer Dereference

Related Identifiers

ALT-PU-2015-1539
ALT-PU-2016-1101
ALT-PU-2016-1130
ALT-PU-2016-1136
BDU:2016-00575
CESA-2016_0197
CESA-2016_0258
CESA-2016_0594
CVE-2016-1523
DSA-3477-1
DSA-3479-1
DSA-3491-1
MGASA-2016-0077
MGASA-2016-0078
OPENSUSE-SU-2016_0791-1
OPENSUSE-SU-2016_0875-1
RHSA-2016:0197
RHSA-2016:0258
RHSA-2016:0594
RHSA-2016_0197
RHSA-2016_0258
RHSA-2016_0594
SUSE-SU-2016:0554-1
SUSE-SU-2016:0564-1
SUSE-SU-2016:0584-1
SUSE-SU-2016:0779-1
SUSE-SU-2016_0554-1
SUSE-SU-2016_0564-1
USN-2902-1
USN-2904-1

Affected Products

ALT Linux
CentOS
Firefox ESR
Libgraphite
Firefox
Red Hat
SUSE
Ubuntu