CVE-2016-1523

Published: 8 February 2016

The SillMap::readFace function in FeatureMap.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, mishandles a return value, which allows remote attackers to cause a denial of service (missing initialization, NULL pointer dereference, and application crash) via a crafted Graphite smart font.

Priority

Medium

CVSS 3 base score: 6.5

Status

| Package | Release | Status |
|---|---|---|
| graphite2 (Launchpad, Ubuntu, Debian) | precise | Does not exist (precise was needed) |
| graphite2 | trusty | Released (1.2.4-1ubuntu1.1) |
| graphite2 | upstream | Released (1.3.5-1) |
| graphite2 | wily | Released (1.2.4-3ubuntu1.1) |
| graphite2 | xenial | Released (1.3.5-1ubuntu1) |
| graphite2 | yakkety | Released (1.3.5-1ubuntu1) |
| graphite2 | zesty | Released (1.3.5-1ubuntu1) |
| thunderbird (Launchpad, Ubuntu, Debian) | precise | Does not exist (precise was released [1:38.6.0+build1-0ubuntu0.12.04.1]) |
| thunderbird | trusty | Does not exist (trusty was released [1:38.6.0+build1-0ubuntu0.14.04.1]) |
| thunderbird | upstream | Released (38.6.0) |
| thunderbird | vivid | Ignored (reached end-of-life) |
| thunderbird | wily | Released (1:38.6.0+build1-0ubuntu0.15.10.1) |
| thunderbird | xenial | Released (1:38.6.0+build1-0ubuntu1) |
| thunderbird | yakkety | Released (1:38.6.0+build1-0ubuntu1) |
| thunderbird | zesty | Released (1:38.6.0+build1-0ubuntu1) |