[USN-2902-1] graphite2 vulnerabilities
Severity
Medium
Affected Packages
3
CVEs
4
graphite2 could be made to crash or run programs as your login if it opened a specially crafted font.
Yves Younan discovered that graphite2 incorrectly handled certain malformed
fonts. If a user or automated system were tricked into opening a specially-
crafted font file, a remote attacker could use this issue to cause
graphite2 to crash, resulting in a denial of service, or possibly execute
arbitrary code.
Package | Affected Version |
---|---|
pkg:deb/ubuntu/libgraphite2-doc?distro=trusty | < 1.2.4-1ubuntu1.1 |
pkg:deb/ubuntu/libgraphite2-dev?distro=trusty | < 1.2.4-1ubuntu1.1 |
pkg:deb/ubuntu/libgraphite2-3?distro=trusty | < 1.2.4-1ubuntu1.1 |
- ID
- USN-2902-1
- Severity
- medium
- URL
- https://ubuntu.com/security/notices/USN-2902-1
- Published
-
2016-02-17T14:46:52
(8 years ago) - Modified
-
2016-02-17T14:46:52
(8 years ago) - Other Advisories
-
- ALAS-2016-696
- DSA-3477-1
- DSA-3479-1
- DSA-3491-1
- ELSA-2016-0197
- ELSA-2016-0594
- FEDORA-2016-338a7e9925
- FEDORA-2016-4154a4d0ba
- FREEBSD:8F10FA04-CF6A-11E5-96D6-14DAE9D210B8
- GLSA-201605-06
- GLSA-201701-35
- GLSA-201701-63
- RHSA-2016:0197
- RHSA-2016:0258
- RHSA-2016:0594
- RHSA-2016:0695
- SUSE-SU-2016:0554-1
- SUSE-SU-2016:0564-1
- SUSE-SU-2016:0584-1
- SUSE-SU-2016:0779-1
- USN-2904-1
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:deb/ubuntu/libgraphite2-doc?distro=trusty | ubuntu | libgraphite2-doc | < 1.2.4-1ubuntu1.1 | trusty | ||
Affected | pkg:deb/ubuntu/libgraphite2-dev?distro=trusty | ubuntu | libgraphite2-dev | < 1.2.4-1ubuntu1.1 | trusty | ||
Affected | pkg:deb/ubuntu/libgraphite2-3?distro=trusty | ubuntu | libgraphite2-3 | < 1.2.4-1ubuntu1.1 | trusty |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |