[FREEBSD:8F10FA04-CF6A-11E5-96D6-14DAE9D210B8] graphite2 -- code execution vulnerability

Severity High
Affected Packages 3
CVEs 4

Talos reports:

  An exploitable denial of service vulnerability exists in the font handling of Libgraphite. A specially crafted font can cause an out-of-bounds read potentially resulting in an information leak or denial of service.

  A specially crafted font can cause a buffer overflow resulting in potential code execution.

  An exploitable NULL pointer dereference exists in the bidirectional font handling functionality of Libgraphite. A specially crafted font can cause a NULL pointer dereference resulting in a crash.

Type      Package                            Affected Version
Affected  pkg:freebsd/silgraphite            < 2.3.1_4
Affected  pkg:freebsd/linux-thunderbird      < 38.6.0
Affected  pkg:freebsd/graphite2              < 1.3.5