CVE-2016-1526

HIGH

Mozilla Firefox <43.0 & ESR 38.x <38.6.1 - Info Disclosure

Title source: llm
STIX 2.1

Description

The TtfUtil:LocaLookup function in TtfUtil.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, incorrectly validates a size value, which allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted Graphite smart font.

References (15)

Core 15
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/82991
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2902-1
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2016-0695.html
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2016-0594.html
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2016/dsa-3479
Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177520.html
Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184623.html
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/201701-35
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/201701-63

Scores

CVSS v3 8.1
EPSS 0.0076
EPSS Percentile 73.5%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

Details

CWE
CWE-119 CWE-200
Status published
Products (19)
debian/debian_linux 7.0
debian/debian_linux 8.0
fedoraproject/fedora 22
fedoraproject/fedora 23
mozilla/firefox 38.0
mozilla/firefox 38.0.1
mozilla/firefox 38.0.5
mozilla/firefox 38.1.0
mozilla/firefox 38.1.1
mozilla/firefox 38.2.0
... and 9 more
Published Feb 13, 2016
Tracked Since Feb 18, 2026