QwikSec

Security Database

CVE

CWE

Training

CVE-2016-1522

Published: Feb 13, 2016

Modified: Aug 5, 2024

PUBLISHED

Description

Code.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, does not consider recursive load calls during a size check, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly execute arbitrary code via a crafted Graphite smart font.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vendor-advisory

x_refsource_GENTOO

vdb-entry

x_refsource_BID

vendor-advisory

x_refsource_UBUNTU

http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html

x_refsource_CONFIRM

vendor-advisory

x_refsource_REDHAT

http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html

x_refsource_CONFIRM

openSUSE-SU-2016:0791

vendor-advisory

x_refsource_SUSE

vendor-advisory

x_refsource_DEBIAN

http://blog.talosintel.com/2016/02/vulnerability-spotlight-libgraphite.html

x_refsource_MISC

vendor-advisory

x_refsource_REDHAT

FEDORA-2016-4154a4d0ba

vendor-advisory

x_refsource_FEDORA

vendor-advisory

x_refsource_REDHAT

vendor-advisory

x_refsource_GENTOO

FEDORA-2016-338a7e9925

vendor-advisory

x_refsource_FEDORA

http://www.mozilla.org/security/announce/2016/mfsa2016-14.html

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.