CVE-2016-1522

HIGH

Mozilla Firefox <43.0 & ESR 38.x <38.6.1 - Heap-Based Buffer Overflow

Title source: llm
STIX 2.1

Description

Code.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, does not consider recursive load calls during a size check, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly execute arbitrary code via a crafted Graphite smart font.

References (15)

Core 15
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/82991
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2016-0258.html
Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177520.html
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2016-0197.html
Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184623.html
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2902-1
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2016-0594.html
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2016/dsa-3479
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/201701-35
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/201701-63

Scores

CVSS v3 8.8
EPSS 0.0242
EPSS Percentile 85.3%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-119
Status published
Products (19)
debian/debian_linux 7.0
debian/debian_linux 8.0
fedoraproject/fedora 22
fedoraproject/fedora 23
mozilla/firefox 38.0
mozilla/firefox 38.0.1
mozilla/firefox 38.0.5
mozilla/firefox 38.1.0
mozilla/firefox 38.1.1
mozilla/firefox 38.2.0
... and 9 more
Published Feb 13, 2016
Tracked Since Feb 18, 2026