QwikSec

Security Database

CVE

CWE

Training

CVE-2016-1526

Published: Feb 13, 2016

Modified: Aug 5, 2024

PUBLISHED

Description

The TtfUtil:LocaLookup function in TtfUtil.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, incorrectly validates a size value, which allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted Graphite smart font.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

openSUSE-SU-2016:0875

vendor-advisory

x_refsource_SUSE

vendor-advisory

x_refsource_GENTOO

vdb-entry

x_refsource_BID

vendor-advisory

x_refsource_UBUNTU

http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html

x_refsource_CONFIRM

vendor-advisory

x_refsource_REDHAT

vendor-advisory

x_refsource_REDHAT

openSUSE-SU-2016:0791

vendor-advisory

x_refsource_SUSE

vendor-advisory

x_refsource_DEBIAN

http://blog.talosintel.com/2016/02/vulnerability-spotlight-libgraphite.html

x_refsource_MISC

FEDORA-2016-4154a4d0ba

vendor-advisory

x_refsource_FEDORA

SUSE-SU-2016:0779

vendor-advisory

x_refsource_SUSE

vendor-advisory

x_refsource_GENTOO

FEDORA-2016-338a7e9925

vendor-advisory

x_refsource_FEDORA

http://www.mozilla.org/security/announce/2016/mfsa2016-14.html

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.