[FREEBSD:8F10FA04-CF6A-11E5-96D6-14DAE9D210B8] graphite2 -- code execution vulnerability
Severity: High
Affected Packages: 3
CVEs: 4
Talos reports:

An exploitable denial of service vulnerability exists in the font handling of Libgraphite. A specially crafted font can cause an out-of-bounds read potentially resulting in an information leak or denial of service.

A specially crafted font can cause a buffer overflow resulting in potential code execution.

An exploitable NULL pointer dereference exists in the bidirectional font handling functionality of Libgraphite. A specially crafted font can cause a NULL pointer dereference resulting in a crash.

Package | Affected Version |
---|---|
pkg:freebsd/silgraphite | < 2.3.1_4 |
pkg:freebsd/linux-thunderbird | < 38.6.0 |
pkg:freebsd/graphite2 | < 1.3.5 |

- ID: FREEBSD:8F10FA04-CF6A-11E5-96D6-14DAE9D210B8
- Severity: high
- Severity from: CVE-2016-1521
- URL: http://vuxml.freebsd.org/freebsd/8f10fa04-cf6a-11e5-96d6-14dae9d210b8.html
- Published: 2016-02-05T00:00:00 (8 years ago)
- Modified: 2016-02-09T00:00:00 (8 years ago)
- Rights: FreeBSD VuXML Security Team
- Other Advisories:
  - ALAS-2016-696
  - DSA-3477-1
  - DSA-3479-1
  - DSA-3491-1
  - ELSA-2016-0197
  - ELSA-2016-0594
  - FEDORA-2016-338a7e9925
  - FEDORA-2016-4154a4d0ba
  - GLSA-201605-06
  - GLSA-201701-35
  - GLSA-201701-63
  - RHSA-2016:0197
  - RHSA-2016:0258
  - RHSA-2016:0594
  - RHSA-2016:0695
  - SUSE-SU-2016:0554-1
  - SUSE-SU-2016:0564-1
  - SUSE-SU-2016:0584-1
  - SUSE-SU-2016:0779-1
  - USN-2902-1
  - USN-2904-1

Source | ID | Name | URL |
---|---|---|---|
FreeBSD VuXML | | | http://blog.talosintel.com/2016/02/vulnerability-spotlight-libgraphite.html |
FreeBSD VuXML | | | http://www.talosintel.com/reports/TALOS-2016-0061/ |
FreeBSD VuXML | | | https://www.mozilla.org/security/advisories/mfsa2016-14/ |

Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:freebsd/silgraphite | | silgraphite | < 2.3.1_4 | | | |
Affected | pkg:freebsd/linux-thunderbird | | linux-thunderbird | < 38.6.0 | | | |
Affected | pkg:freebsd/graphite2 | | graphite2 | < 1.3.5 | | | |