CVE-2016-2801

Published: 8 March 2016

The graphite2::TtfUtil::CmapSubtable12Lookup function in TtfUtil.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2797.

Priority

Cvss 3 Severity Score

8.8

Score breakdown

Status

Package	Release	Status
firefox Launchpad, Ubuntu, Debian	precise	Released (45.0+build2-0ubuntu0.12.04.1)
	trusty	Released (45.0+build2-0ubuntu0.14.04.1)
	upstream	Released (45.0)
	wily	Released (45.0+build2-0ubuntu0.15.10.1)
	xenial	Not vulnerable (45.0+build2-0ubuntu1)
	yakkety	Not vulnerable (45.0+build2-0ubuntu1)
	zesty	Not vulnerable (45.0+build2-0ubuntu1)
graphite2 Launchpad, Ubuntu, Debian	precise	Ignored (end of life)
	upstream	Released (1.3.6-1)
	trusty	Released (1.3.6-1ubuntu0.14.04.1)
	wily	Released (1.3.6-1ubuntu0.15.10.1)
	xenial	Released (1.3.6-1ubuntu1)
	yakkety	Released (1.3.6-1ubuntu1)
	zesty	Released (1.3.6-1ubuntu1)
thunderbird Launchpad, Ubuntu, Debian	precise	Released (1:38.7.2+build1-0ubuntu0.12.04.1)
	trusty	Released (1:38.7.2+build1-0ubuntu0.14.04.1)
	upstream	Released (38.7)
	wily	Released (1:38.7.2+build1-0ubuntu0.15.10.1)
	xenial	Released (1:38.7.2+build1-0ubuntu0.16.04.1)
	yakkety	Released (1:38.8.0+build1-0ubuntu1)
	zesty	Released (1:38.8.0+build1-0ubuntu1)

Severity score breakdown

Parameter	Value
Base score	8.8
Attack vector	Network
Attack complexity	Low
Privileges required	None
User interaction	Required
Scope	Unchanged
Confidentiality	High
Integrity impact	High
Availability impact	High
Vector	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›