Skip to main content

Graphite2 CVE-2016-2796

HIGH
Buffer Overflow (CWE-119)
2016-03-13 security@mozilla.org
8.8
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
8.8 HIGH
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Mar 13, 2016 - 18:59 cve.org
HIGH 8.8

DescriptionCVE.org

Heap-based buffer overflow in the graphite2::vm::Machine::Code::Code function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Graphite smart font.

AnalysisAI

Heap-based buffer overflow in the graphite2::vm::Machine::Code::Code function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Buffer Overflow (CWE-119), which allows attackers to corrupt memory to execute arbitrary code or crash the application. Heap-based buffer overflow in the graphite2::vm::Machine::Code::Code function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Graphite smart font. Affected products include: Sil Graphite2, Opensuse Leap, Opensuse, Suse Linux Enterprise, Oracle Linux. Version information: before 1.3.6.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use memory-safe languages or bounds-checking. Enable ASLR, DEP/NX, stack canaries. Use safe string functions.

CVE-2016-1522 HIGH POC
8.8 Feb 13

Code.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1,

CVE-2018-7999 HIGH POC
8.8 Mar 09

In libgraphite2 in graphite2 1.3.11, a NULL pointer dereference vulnerability was found in Segment.cpp during a dumbRend

CVE-2016-2794 HIGH
8.8 Mar 13

The graphite2::TtfUtil::CmapSubtable12NextCodepoint function in Graphite 2 before 1.3.6, as used in Mozilla Firefox befo

CVE-2016-1521 HIGH
8.8 Feb 13

The directrun function in directmachine.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 a

CVE-2016-1977 HIGH
8.8 Mar 13

The Machine::Code::decoder::analysis::set_ref function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.

CVE-2016-2799 HIGH
8.8 Mar 13

Heap-based buffer overflow in the graphite2::Slot::setAttr function in Graphite 2 before 1.3.6, as used in Mozilla Firef

CVE-2016-2802 HIGH
8.8 Mar 13

The graphite2::TtfUtil::CmapSubtable4NextCodepoint function in Graphite 2 before 1.3.6, as used in Mozilla Firefox befor

CVE-2016-2801 HIGH
8.8 Mar 13

The graphite2::TtfUtil::CmapSubtable12Lookup function in TtfUtil.cpp in Graphite 2 before 1.3.6, as used in Mozilla Fire

CVE-2016-2800 HIGH
8.8 Mar 13

The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and

CVE-2016-2798 HIGH
8.8 Mar 13

The graphite2::GlyphCache::Loader::Loader function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 an

CVE-2016-2795 HIGH
8.8 Mar 13

The graphite2::FileFace::get_table_fn function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Fi

CVE-2016-2792 HIGH
8.8 Mar 13

The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and

Share

CVE-2016-2796 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy