Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2016-1526

Опубликовано: 05 фев. 2016
Источник: redhat
CVSS2: 5.8
EPSS Низкий

Описание

The TtfUtil:LocaLookup function in TtfUtil.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, incorrectly validates a size value, which allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted Graphite smart font.

A vulnerability has been discovered in Graphite2. An attacker able to trick an unsuspecting user into opening specially crafted font files in an application using Graphite2 could exploit these flaws to cause the application to crash or, potentially, execute arbitrary code with the privileges of the application.

Ссылки на источники

Дополнительная информация

Статус:

Important
Дефект:
CWE-125
https://bugzilla.redhat.com/show_bug.cgi?id=1308590graphite2: Out-of-bounds read vulnerability in TfUtil:LocaLookup

EPSS

Процентиль: 66%
0.00519
Низкий

5.8 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2016-1526

CVSS3: 8.1
ubuntu
больше 9 лет назад

The TtfUtil:LocaLookup function in TtfUtil.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, incorrectly validates a size value, which allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted Graphite smart font.

nvd логотип

CVE-2016-1526

CVSS3: 8.1
nvd
больше 9 лет назад

The TtfUtil:LocaLookup function in TtfUtil.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, incorrectly validates a size value, which allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted Graphite smart font.

debian логотип

CVE-2016-1526

CVSS3: 8.1
debian
больше 9 лет назад

The TtfUtil:LocaLookup function in TtfUtil.cpp in Libgraphite in Graph ...

github логотип

GHSA-44hj-fxxj-472x

CVSS3: 8.1
github
больше 3 лет назад

The TtfUtil:LocaLookup function in TtfUtil.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, incorrectly validates a size value, which allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted Graphite smart font.

fstec логотип

BDU:2016-00576

fstec
больше 9 лет назад

Уязвимость браузера Firefox ESR, программного средства рендеринга Graphite 2, почтового клиента Thunderbird, позволяющая нарушителю вызвать отказ в обслуживании или получить конфиденциальную информацию

EPSS

Процентиль: 66%
0.00519
Низкий

5.8 Medium

CVSS2