Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2016-1522

Опубликовано: 13 фев. 2016
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS2: 9.3
CVSS3: 8.8

Описание

Code.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, does not consider recursive load calls during a size check, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly execute arbitrary code via a crafted Graphite smart font.

РелизСтатусПримечание
devel

released

1.3.5-1ubuntu1
esm-infra-legacy/trusty

not-affected

1.2.4-1ubuntu1.1
esm-infra/xenial

not-affected

1.3.5-1ubuntu1
precise

ignored

end of life
precise/esm

DNE

precise was needs-triage
trusty

released

1.2.4-1ubuntu1.1
trusty/esm

not-affected

1.2.4-1ubuntu1.1
upstream

released

1.3.5-1
vivid/stable-phone-overlay

ignored

end of life
vivid/ubuntu-core

DNE

Показывать по

Ссылки на источники

EPSS

Процентиль: 82%
0.01759
Низкий

9.3 Critical

CVSS2

8.8 High

CVSS3

Связанные уязвимости

redhat логотип

CVE-2016-1522

redhat
больше 9 лет назад

Code.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, does not consider recursive load calls during a size check, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly execute arbitrary code via a crafted Graphite smart font.

nvd логотип

CVE-2016-1522

CVSS3: 8.8
nvd
больше 9 лет назад

Code.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, does not consider recursive load calls during a size check, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly execute arbitrary code via a crafted Graphite smart font.

debian логотип

CVE-2016-1522

CVSS3: 8.8
debian
больше 9 лет назад

Code.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefo ...

github логотип

GHSA-g9c3-vp28-w6w3

CVSS3: 8.8
github
больше 3 лет назад

Code.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, does not consider recursive load calls during a size check, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly execute arbitrary code via a crafted Graphite smart font.

fstec логотип

BDU:2016-00574

fstec
больше 9 лет назад

Уязвимость браузера Firefox ESR, программного средства рендеринга Graphite 2, почтового клиента Thunderbird, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код

EPSS

Процентиль: 82%
0.01759
Низкий

9.3 Critical

CVSS2

8.8 High

CVSS3