6.5

CVE-2016-1523

The SillMap::readFace function in FeatureMap.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, mishandles a return value, which allows remote attackers to cause a denial of service (missing initialization, NULL pointer dereference, and application crash) via a crafted Graphite smart font.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
FedoraprojectFedora Version22
FedoraprojectFedora Version23
MozillaFirefox Version38.0
MozillaFirefox Version38.0.1
MozillaFirefox Version38.0.5
MozillaFirefox Version38.1.0
MozillaFirefox Version38.1.1
MozillaFirefox Version38.2.0
MozillaFirefox Version38.2.1
MozillaFirefox Version38.3.0
MozillaFirefox Version38.4.0
MozillaFirefox Version38.5.0
MozillaFirefox Version38.5.1
MozillaFirefox Version38.5.2
MozillaFirefox Version38.6.0
MozillaThunderbird Version <= 38.5.1
SilGraphite2 Version1.2.4
DebianDebian Linux Version7.0
DebianDebian Linux Version8.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.32% 0.812
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 2.8 3.6
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:N/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
https://security.gentoo.org/glsa/201605-06
http://www.debian.org/security/2016/dsa-3491
http://www.ubuntu.com/usn/USN-2904-1
http://rhn.redhat.com/errata/RHSA-2016-0258.html
http://blog.talosintel.com/2016/02/vulnerability-spotlight-libgraphite.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177520.html
Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184623.html
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00052.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00058.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00088.html
http://rhn.redhat.com/errata/RHSA-2016-0197.html
http://rhn.redhat.com/errata/RHSA-2016-0594.html
http://www.debian.org/security/2016/dsa-3479
Third Party Advisory
http://www.mozilla.org/security/announce/2016/mfsa2016-14.html
Patch
Vendor Advisory
http://www.securityfocus.com/bid/82991
http://www.ubuntu.com/usn/USN-2902-1
https://security.gentoo.org/glsa/201701-35
https://security.gentoo.org/glsa/201701-63
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00053.html
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00055.html
http://www.debian.org/security/2016/dsa-3477
http://www.securitytracker.com/id/1035017
https://bugzilla.mozilla.org/show_bug.cgi?id=1246093
Issue Tracking