MidnightBSD

Advisories for sil

CVE-2016-1521 MEDIUM

The directrun function in directmachine.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, does not validate a certain skip operation, which allows remote attackers to execute arbitrary code, obtain sensitive information, or cause a denial of service (out-of-bounds read and application crash) via a crafted Graphite smart font.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
mozilla firefox_esr 38.2.0
mozilla firefox_esr 38.4.0
mozilla firefox 38.0.5
mozilla firefox_esr 38.0.1
mozilla firefox_esr 38.1.1
mozilla firefox 38.5.0
mozilla firefox_esr 38.0.5
mozilla firefox_esr 38.1.0
mozilla firefox 38.0.1
mozilla firefox 38.2.0
mozilla firefox *
mozilla firefox 38.1.1
mozilla firefox 38.5.1
mozilla firefox 38.5.2
mozilla firefox_esr 38.3.0
mozilla firefox_esr 38.2.1
mozilla firefox 38.1.0
debian debian_linux 7.0
fedoraproject fedora 23
mozilla firefox 38.6.0
debian debian_linux 8.0
fedoraproject fedora 22
mozilla thunderbird *
mozilla firefox 38.4.0
mozilla firefox 38.3.0
sil graphite2 *
mozilla firefox 38.2.1
CVE-2016-1522 HIGH

Code.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, does not consider recursive load calls during a size check, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly execute arbitrary code via a crafted Graphite smart font.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
sil graphite2 1.2.4
mozilla firefox_esr 38.2.0
mozilla firefox_esr 38.4.0
mozilla firefox 38.0.5
mozilla firefox_esr 38.0.1
mozilla firefox_esr 38.1.1
mozilla firefox 38.5.0
mozilla firefox_esr 38.0.5
mozilla firefox_esr 38.1.0
mozilla firefox 38.0
mozilla firefox 38.0.1
mozilla firefox 38.2.0
mozilla firefox 38.1.1
mozilla firefox 38.5.1
mozilla firefox 38.5.2
mozilla firefox_esr 38.3.0
mozilla firefox_esr 38.2.1
mozilla firefox 38.1.0
debian debian_linux 7.0
fedoraproject fedora 23
mozilla firefox 38.6.0
debian debian_linux 8.0
fedoraproject fedora 22
mozilla thunderbird *
mozilla firefox 38.4.0
mozilla firefox 38.3.0
mozilla firefox 38.2.1
mozilla firefox_esr 38.0
CVE-2016-1523 MEDIUM

The SillMap::readFace function in FeatureMap.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, mishandles a return value, which allows remote attackers to cause a denial of service (missing initialization, NULL pointer dereference, and application crash) via a crafted Graphite smart font.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sil graphite2 1.2.4
mozilla firefox_esr 38.2.0
mozilla firefox_esr 38.4.0
mozilla firefox 38.0.5
mozilla firefox_esr 38.0.1
mozilla firefox_esr 38.1.1
mozilla firefox 38.5.0
mozilla firefox_esr 38.0.5
mozilla firefox_esr 38.1.0
mozilla firefox 38.0
mozilla firefox 38.0.1
mozilla firefox 38.2.0
mozilla firefox 38.1.1
mozilla firefox 38.5.1
mozilla firefox 38.5.2
mozilla firefox_esr 38.3.0
mozilla firefox_esr 38.2.1
mozilla firefox 38.1.0
debian debian_linux 7.0
fedoraproject fedora 23
mozilla firefox 38.6.0
debian debian_linux 8.0
fedoraproject fedora 22
mozilla thunderbird *
mozilla firefox 38.4.0
mozilla firefox 38.3.0
mozilla firefox 38.2.1
mozilla firefox_esr 38.0
CVE-2016-1526 MEDIUM

The TtfUtil:LocaLookup function in TtfUtil.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, incorrectly validates a size value, which allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted Graphite smart font.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,CWE-200,

Products Affected

Vendor Product Version
sil graphite2 1.2.4
mozilla firefox_esr 38.2.0
mozilla firefox_esr 38.4.0
mozilla firefox 38.0.5
mozilla firefox_esr 38.0.1
mozilla firefox_esr 38.1.1
mozilla firefox 38.5.0
mozilla firefox_esr 38.0.5
mozilla firefox_esr 38.1.0
mozilla firefox 38.0
mozilla firefox 38.0.1
mozilla firefox 38.2.0
mozilla firefox 38.1.1
mozilla firefox 38.5.1
mozilla firefox 38.5.2
mozilla firefox_esr 38.3.0
mozilla firefox_esr 38.2.1
mozilla firefox 38.1.0
debian debian_linux 7.0
fedoraproject fedora 23
mozilla firefox 38.6.0
debian debian_linux 8.0
fedoraproject fedora 22
mozilla thunderbird *
mozilla firefox 38.4.0
mozilla firefox 38.3.0
mozilla firefox 38.2.1
mozilla firefox_esr 38.0
CVE-2016-1969 MEDIUM

The setAttr function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.6.1, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted Graphite smart font.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
mozilla firefox 38.5.1
mozilla firefox_esr 38.3.0
mozilla firefox_esr 38.2.0
mozilla firefox_esr 38.2.1
mozilla firefox_esr 38.4.0
mozilla firefox 38.0.5
mozilla firefox_esr 38.0.1
mozilla firefox_esr 38.1.1
mozilla firefox 38.1.0
mozilla firefox 38.5.0
mozilla firefox_esr 38.0.5
mozilla firefox 38.6.0
mozilla firefox_esr 38.1.0
mozilla firefox 38.0
mozilla firefox 38.0.1
mozilla firefox 38.2.0
mozilla firefox *
mozilla firefox 38.4.0
mozilla firefox 38.3.0
sil graphite2 *
mozilla firefox 38.1.1
mozilla firefox 38.2.1
mozilla firefox_esr 38.0
CVE-2016-1977 MEDIUM

The Machine::Code::decoder::analysis::set_ref function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via a crafted Graphite smart font.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
mozilla firefox_esr 38.2.0
mozilla firefox_esr 38.4.0
mozilla firefox 38.0.5
mozilla firefox_esr 38.0.1
mozilla firefox_esr 38.1.1
mozilla firefox 38.5.0
mozilla firefox_esr 38.0.5
mozilla firefox_esr 38.1.0
mozilla firefox 38.0
mozilla firefox 38.0.1
mozilla firefox 38.2.0
mozilla firefox *
opensuse leap 42.1
mozilla firefox 38.1.1
oracle linux 7
mozilla firefox 38.5.1
mozilla firefox_esr 38.3.0
mozilla firefox_esr 38.2.1
oracle linux 6
opensuse opensuse 13.1
mozilla firefox 38.1.0
oracle linux 5.0
mozilla firefox 38.6.0
opensuse opensuse 13.2
mozilla firefox 38.6.1
mozilla firefox 38.4.0
mozilla firefox 38.3.0
suse linux_enterprise 12.0
sil graphite2 *
mozilla firefox 38.2.1
mozilla firefox_esr 38.0
CVE-2016-2790 MEDIUM

The graphite2::TtfUtil::GetTableInfo function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, does not initialize memory for an unspecified data structure, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted Graphite smart font.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-19,

Products Affected

Vendor Product Version
mozilla firefox_esr 38.2.0
mozilla firefox_esr 38.4.0
mozilla firefox 38.0.5
mozilla firefox_esr 38.0.1
mozilla firefox_esr 38.1.1
mozilla firefox 38.5.0
mozilla firefox_esr 38.0.5
mozilla firefox_esr 38.1.0
mozilla firefox 38.0
mozilla firefox 38.0.1
mozilla firefox 38.2.0
mozilla firefox *
opensuse leap 42.1
mozilla firefox 38.1.1
oracle linux 7
mozilla firefox 38.5.1
mozilla firefox_esr 38.3.0
mozilla firefox_esr 38.2.1
oracle linux 6
opensuse opensuse 13.1
mozilla firefox 38.1.0
oracle linux 5.0
mozilla firefox 38.6.0
opensuse opensuse 13.2
mozilla firefox 38.6.1
mozilla firefox 38.4.0
mozilla firefox 38.3.0
suse linux_enterprise 12.0
sil graphite2 *
mozilla firefox 38.2.1
mozilla firefox_esr 38.0
CVE-2016-2791 MEDIUM

The graphite2::GlyphCache::glyph function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
mozilla firefox_esr 38.2.0
mozilla firefox_esr 38.4.0
mozilla firefox 38.0.5
mozilla firefox_esr 38.0.1
mozilla firefox_esr 38.1.1
mozilla firefox 38.5.0
mozilla firefox_esr 38.0.5
mozilla firefox_esr 38.1.0
mozilla firefox 38.0
mozilla firefox 38.0.1
mozilla firefox 38.2.0
mozilla firefox *
opensuse leap 42.1
mozilla firefox 38.1.1
oracle linux 7
mozilla firefox 38.5.1
mozilla firefox_esr 38.3.0
mozilla firefox_esr 38.2.1
oracle linux 6
opensuse opensuse 13.1
mozilla firefox 38.1.0
oracle linux 5.0
mozilla firefox 38.6.0
opensuse opensuse 13.2
mozilla firefox 38.6.1
mozilla firefox 38.4.0
mozilla firefox 38.3.0
suse linux_enterprise 12.0
sil graphite2 *
mozilla firefox 38.2.1
mozilla firefox_esr 38.0
CVE-2016-2792 MEDIUM

The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2800.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
mozilla firefox_esr 38.2.0
mozilla firefox_esr 38.4.0
mozilla firefox 38.0.5
mozilla firefox_esr 38.0.1
mozilla firefox_esr 38.1.1
mozilla firefox 38.5.0
mozilla firefox_esr 38.0.5
mozilla firefox_esr 38.1.0
mozilla firefox 38.0
mozilla firefox 38.0.1
mozilla firefox 38.2.0
mozilla firefox *
opensuse leap 42.1
mozilla firefox 38.1.1
oracle linux 7
mozilla firefox 38.5.1
mozilla firefox_esr 38.3.0
mozilla firefox_esr 38.2.1
oracle linux 6
opensuse opensuse 13.1
mozilla firefox 38.1.0
oracle linux 5.0
mozilla firefox 38.6.0
opensuse opensuse 13.2
mozilla firefox 38.6.1
mozilla firefox 38.4.0
mozilla firefox 38.3.0
suse linux_enterprise 12.0
sil graphite2 *
mozilla firefox 38.2.1
mozilla firefox_esr 38.0
CVE-2016-2793 MEDIUM

CachedCmap.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
mozilla firefox_esr 38.2.0
mozilla firefox_esr 38.4.0
mozilla firefox 38.0.5
mozilla firefox_esr 38.0.1
mozilla firefox_esr 38.1.1
mozilla firefox 38.5.0
mozilla firefox_esr 38.0.5
mozilla firefox_esr 38.1.0
mozilla firefox 38.0
mozilla firefox 38.0.1
mozilla firefox 38.2.0
mozilla firefox *
opensuse leap 42.1
mozilla firefox 38.1.1
oracle linux 7
mozilla firefox 38.5.1
mozilla firefox_esr 38.3.0
mozilla firefox_esr 38.2.1
oracle linux 6
opensuse opensuse 13.1
mozilla firefox 38.1.0
oracle linux 5.0
mozilla firefox 38.6.0
opensuse opensuse 13.2
mozilla firefox 38.6.1
mozilla firefox 38.4.0
mozilla firefox 38.3.0
suse linux_enterprise 12.0
sil graphite2 *
mozilla firefox 38.2.1
mozilla firefox_esr 38.0
CVE-2016-2794 HIGH

The graphite2::TtfUtil::CmapSubtable12NextCodepoint function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
mozilla firefox_esr 38.2.0
mozilla firefox_esr 38.4.0
mozilla firefox 38.0.5
mozilla firefox_esr 38.0.1
mozilla firefox_esr 38.1.1
mozilla firefox 38.5.0
mozilla firefox_esr 38.0.5
mozilla firefox_esr 38.1.0
mozilla firefox 38.0
mozilla firefox 38.0.1
mozilla firefox 38.2.0
mozilla firefox *
opensuse leap 42.1
mozilla firefox 38.1.1
oracle linux 7
mozilla firefox 38.5.1
mozilla firefox_esr 38.3.0
mozilla firefox_esr 38.2.1
oracle linux 6
opensuse opensuse 13.1
mozilla firefox 38.1.0
oracle linux 5.0
mozilla firefox 38.6.0
opensuse opensuse 13.2
mozilla firefox 38.6.1
mozilla firefox 38.4.0
mozilla firefox 38.3.0
suse linux_enterprise 12.0
sil graphite2 *
mozilla firefox 38.2.1
mozilla firefox_esr 38.0
CVE-2016-2795 MEDIUM

The graphite2::FileFace::get_table_fn function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, does not initialize memory for an unspecified data structure, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted Graphite smart font.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-19,

Products Affected

Vendor Product Version
mozilla firefox_esr 38.2.0
mozilla firefox_esr 38.4.0
mozilla firefox 38.0.5
mozilla firefox_esr 38.0.1
mozilla firefox_esr 38.1.1
mozilla firefox 38.5.0
mozilla firefox_esr 38.0.5
mozilla firefox_esr 38.1.0
mozilla firefox 38.0
mozilla firefox 38.0.1
mozilla firefox 38.2.0
mozilla firefox *
opensuse leap 42.1
mozilla firefox 38.1.1
oracle linux 7
mozilla firefox 38.5.1
mozilla firefox_esr 38.3.0
mozilla firefox_esr 38.2.1
oracle linux 6
opensuse opensuse 13.1
mozilla firefox 38.1.0
oracle linux 5.0
mozilla firefox 38.6.0
opensuse opensuse 13.2
mozilla firefox 38.6.1
mozilla firefox 38.4.0
mozilla firefox 38.3.0
suse linux_enterprise 12.0
sil graphite2 *
mozilla firefox 38.2.1
mozilla firefox_esr 38.0
CVE-2016-2796 MEDIUM

Heap-based buffer overflow in the graphite2::vm::Machine::Code::Code function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Graphite smart font.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
mozilla firefox_esr 38.2.0
mozilla firefox_esr 38.4.0
mozilla firefox 38.0.5
mozilla firefox_esr 38.0.1
mozilla firefox_esr 38.1.1
mozilla firefox 38.5.0
mozilla firefox_esr 38.0.5
mozilla firefox_esr 38.1.0
mozilla firefox 38.0
mozilla firefox 38.0.1
mozilla firefox 38.2.0
mozilla firefox *
opensuse leap 42.1
mozilla firefox 38.1.1
oracle linux 7
mozilla firefox 38.5.1
mozilla firefox_esr 38.3.0
mozilla firefox_esr 38.2.1
oracle linux 6
opensuse opensuse 13.1
mozilla firefox 38.1.0
oracle linux 5.0
mozilla firefox 38.6.0
opensuse opensuse 13.2
mozilla firefox 38.6.1
mozilla firefox 38.4.0
mozilla firefox 38.3.0
suse linux_enterprise 12.0
sil graphite2 *
mozilla firefox 38.2.1
mozilla firefox_esr 38.0
CVE-2016-2797 MEDIUM

The graphite2::TtfUtil::CmapSubtable12Lookup function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2801.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
mozilla firefox_esr 38.2.0
mozilla firefox_esr 38.4.0
mozilla firefox 38.0.5
mozilla firefox_esr 38.0.1
mozilla firefox_esr 38.1.1
mozilla firefox 38.5.0
mozilla firefox_esr 38.0.5
mozilla firefox_esr 38.1.0
mozilla firefox 38.0
mozilla firefox 38.0.1
mozilla firefox 38.2.0
mozilla firefox *
opensuse leap 42.1
mozilla firefox 38.1.1
oracle linux 7
mozilla firefox 38.5.1
mozilla firefox_esr 38.3.0
mozilla firefox_esr 38.2.1
oracle linux 6
opensuse opensuse 13.1
mozilla firefox 38.1.0
oracle linux 5.0
mozilla firefox 38.6.0
opensuse opensuse 13.2
mozilla firefox 38.6.1
mozilla firefox 38.4.0
mozilla firefox 38.3.0
suse linux_enterprise 12.0
sil graphite2 *
mozilla firefox 38.2.1
mozilla firefox_esr 38.0
CVE-2016-2798 MEDIUM

The graphite2::GlyphCache::Loader::Loader function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
mozilla firefox_esr 38.2.0
mozilla firefox_esr 38.4.0
mozilla firefox 38.0.5
mozilla firefox_esr 38.0.1
mozilla firefox_esr 38.1.1
mozilla firefox 38.5.0
mozilla firefox_esr 38.0.5
mozilla firefox_esr 38.1.0
mozilla firefox 38.0
mozilla firefox 38.0.1
mozilla firefox 38.2.0
mozilla firefox *
opensuse leap 42.1
mozilla firefox 38.1.1
oracle linux 7
mozilla firefox 38.5.1
mozilla firefox_esr 38.3.0
mozilla firefox_esr 38.2.1
oracle linux 6
opensuse opensuse 13.1
mozilla firefox 38.1.0
oracle linux 5.0
mozilla firefox 38.6.0
opensuse opensuse 13.2
mozilla firefox 38.6.1
mozilla firefox 38.4.0
mozilla firefox 38.3.0
suse linux_enterprise 12.0
sil graphite2 *
mozilla firefox 38.2.1
mozilla firefox_esr 38.0
CVE-2016-2799 HIGH

Heap-based buffer overflow in the graphite2::Slot::setAttr function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Graphite smart font.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
mozilla firefox_esr 38.2.0
mozilla firefox_esr 38.4.0
mozilla firefox 38.0.5
mozilla firefox_esr 38.0.1
mozilla firefox_esr 38.1.1
mozilla firefox 38.5.0
mozilla firefox_esr 38.0.5
mozilla firefox_esr 38.1.0
mozilla firefox 38.0
mozilla firefox 38.0.1
mozilla firefox 38.2.0
mozilla firefox *
opensuse leap 42.1
mozilla firefox 38.1.1
oracle linux 7
mozilla firefox 38.5.1
mozilla firefox_esr 38.3.0
mozilla firefox_esr 38.2.1
oracle linux 6
opensuse opensuse 13.1
mozilla firefox 38.1.0
oracle linux 5.0
mozilla firefox 38.6.0
opensuse opensuse 13.2
mozilla firefox 38.6.1
mozilla firefox 38.4.0
mozilla firefox 38.3.0
suse linux_enterprise 12.0
sil graphite2 *
mozilla firefox 38.2.1
mozilla firefox_esr 38.0
CVE-2016-2800 MEDIUM

The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2792.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
mozilla firefox_esr 38.2.0
mozilla firefox_esr 38.4.0
mozilla firefox 38.0.5
mozilla firefox_esr 38.0.1
mozilla firefox_esr 38.1.1
mozilla firefox 38.5.0
mozilla firefox_esr 38.0.5
mozilla firefox_esr 38.1.0
mozilla firefox 38.0
mozilla firefox 38.0.1
mozilla firefox 38.2.0
mozilla firefox *
opensuse leap 42.1
mozilla firefox 38.1.1
oracle linux 7
mozilla firefox 38.5.1
mozilla firefox_esr 38.3.0
mozilla firefox_esr 38.2.1
oracle linux 6
opensuse opensuse 13.1
mozilla firefox 38.1.0
oracle linux 5.0
mozilla firefox 38.6.0
opensuse opensuse 13.2
mozilla firefox 38.6.1
mozilla firefox 38.4.0
mozilla firefox 38.3.0
suse linux_enterprise 12.0
sil graphite2 *
mozilla firefox 38.2.1
mozilla firefox_esr 38.0
CVE-2016-2801 MEDIUM

The graphite2::TtfUtil::CmapSubtable12Lookup function in TtfUtil.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2797.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
mozilla firefox_esr 38.2.0
mozilla firefox_esr 38.4.0
mozilla firefox 38.0.5
mozilla firefox_esr 38.0.1
mozilla firefox_esr 38.1.1
mozilla firefox 38.5.0
mozilla firefox_esr 38.0.5
mozilla firefox_esr 38.1.0
mozilla firefox 38.0
mozilla firefox 38.0.1
mozilla firefox 38.2.0
mozilla firefox *
opensuse leap 42.1
mozilla firefox 38.1.1
oracle linux 7
mozilla firefox 38.5.1
mozilla firefox_esr 38.3.0
mozilla firefox_esr 38.2.1
oracle linux 6
opensuse opensuse 13.1
mozilla firefox 38.1.0
oracle linux 5.0
mozilla firefox 38.6.0
opensuse opensuse 13.2
mozilla firefox 38.6.1
mozilla firefox 38.4.0
mozilla firefox 38.3.0
suse linux_enterprise 12.0
sil graphite2 *
mozilla firefox 38.2.1
mozilla firefox_esr 38.0
CVE-2016-2802 MEDIUM

The graphite2::TtfUtil::CmapSubtable4NextCodepoint function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
mozilla firefox_esr 38.2.0
mozilla firefox_esr 38.4.0
mozilla firefox 38.0.5
mozilla firefox_esr 38.0.1
mozilla firefox_esr 38.1.1
mozilla firefox 38.5.0
mozilla firefox_esr 38.0.5
mozilla firefox_esr 38.1.0
mozilla firefox 38.0
mozilla firefox 38.0.1
mozilla firefox 38.2.0
mozilla firefox *
opensuse leap 42.1
mozilla firefox 38.1.1
oracle linux 7
mozilla firefox 38.5.1
mozilla firefox_esr 38.3.0
mozilla firefox_esr 38.2.1
oracle linux 6
opensuse opensuse 13.1
mozilla firefox 38.1.0
oracle linux 5.0
mozilla firefox 38.6.0
opensuse opensuse 13.2
mozilla firefox 38.6.1
mozilla firefox 38.4.0
mozilla firefox 38.3.0
suse linux_enterprise 12.0
sil graphite2 *
mozilla firefox 38.2.1
mozilla firefox_esr 38.0
CVE-2017-5436 MEDIUM

An out-of-bounds write in the Graphite 2 library triggered with a maliciously crafted Graphite font. This results in a potentially exploitable crash. This issue was fixed in the Graphite 2 library as well as Mozilla products. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
mozilla firefox_esr *
redhat enterprise_linux_server_aus 7.3
redhat enterprise_linux 6.0
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_server_eus 7.5
redhat enterprise_linux 7.0
redhat enterprise_linux_server 6.0
debian debian_linux 8.0
redhat enterprise_linux_server 7.0
mozilla thunderbird *
redhat enterprise_linux_server_eus 7.3
mozilla firefox 52.0
sil graphite2 -
mozilla firefox *
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server_eus 7.4
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_desktop 7.0
CVE-2017-7771 MEDIUM

Out-of-bounds read in Graphite2 Library in Firefox before 54 in graphite2::Pass::readPass function.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
mozilla firefox *
sil graphite2 *
CVE-2017-7772 MEDIUM

Heap-based Buffer Overflow in Graphite2 library in Firefox before 54 in lz4::decompress function.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
mozilla firefox *
sil graphite2 *
CVE-2017-7773 MEDIUM

Heap-based Buffer Overflow write in Graphite2 library in Firefox before 54 in lz4::decompress src/Decompressor.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
mozilla firefox *
sil graphite2 *
CVE-2017-7774 MEDIUM

Out-of-bounds read in Graphite2 Library in Firefox before 54 in graphite2::Silf::readGraphite function.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
mozilla firefox *
sil graphite2 *
CVE-2017-7776 MEDIUM

Heap-based Buffer Overflow read in Graphite2 library in Firefox before 54 in graphite2::Silf::getClassGlyph.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
mozilla firefox *
sil graphite2 *
CVE-2017-7777 MEDIUM

Use of uninitialized memory in Graphite2 library in Firefox before 54 in graphite2::GlyphCache::Loader::read_glyph function.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
mozilla firefox *
sil graphite2 *
CVE-2017-7778 HIGH

A number of security vulnerabilities in the Graphite 2 library including out-of-bounds reads, buffer overflow reads and writes, and the use of uninitialized memory. These issues were addressed in Graphite 2 version 1.3.10. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,CWE-125,CWE-787,

Products Affected

Vendor Product Version
debian debian_linux 9.0
mozilla firefox_esr *
debian debian_linux 8.0
mozilla thunderbird *
mozilla firefox *
sil graphite2 *
CVE-2018-7999 MEDIUM

In libgraphite2 in graphite2 1.3.11, a NULL pointer dereference vulnerability was found in Segment.cpp during a dumbRendering operation, which may allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .ttf file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
sil graphite2 1.3.11