CVE-2016-4852

MEDIUM

Aki-null Yorufukurou < 2.84 - Improper Input Validation

Title source: rule

Description

YoruFukurou (NightOwl) before 2.85 relies on support for emoji skin-tone modifiers even though this support is missing from the CoreText CTFramesetter API on OS X 10.9, which allows remote attackers to cause a denial of service (application crash) via a crafted emoji character sequence.

References (4)

Scores

CVSS v3 6.5
EPSS 0.0069
EPSS Percentile 71.4%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Classification

CWE
CWE-20
Status published

Affected Products (2)

aki-null/yorufukurou < 2.84
n/a/n/a

Timeline

Published Sep 12, 2016
Tracked Since Feb 18, 2026