Your submission was sent successfully! Close

CVE-2016-1523

Published: 08 February 2016

The SillMap::readFace function in FeatureMap.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, mishandles a return value, which allows remote attackers to cause a denial of service (missing initialization, NULL pointer dereference, and application crash) via a crafted Graphite smart font.

Priority

Medium

CVSS 3 base score: 6.5

Status

Package Release Status
graphite2
Launchpad, Ubuntu, Debian
Upstream
Released (1.3.5-1)
Ubuntu 16.04 ESM (Xenial Xerus)
Released (1.3.5-1ubuntu1)
Ubuntu 14.04 ESM (Trusty Tahr)
Released (1.2.4-1ubuntu1.1)
Patches:
Upstream: https://github.com/silnrsi/graphite/commit/2fc07f868146f924621307925b92a5161b7bd571 (0059)
Upstream: https://github.com/silnrsi/graphite/commit/6106dcbd5bc4df2e6ef6a7c632c69ca71ba2b518 (0059)
thunderbird
Launchpad, Ubuntu, Debian
Upstream
Released (38.6.0)
Ubuntu 16.04 ESM (Xenial Xerus)
Released (1:38.6.0+build1-0ubuntu1)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was released [1:38.6.0+build1-0ubuntu0.14.04.1])