Lucene search

K

[email protected]CVE-2016-1977

HistoryMar 13, 2016 - 6:59 p.m.

CVE-2016-1977

2016-03-1318:59:26

CWE-119

[email protected]

web.nvd.nist.gov

67

cve-2016-1977

graphite 2

remote code execution

denial of service

font vulnerability

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.5 High

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.02 Low

EPSS

Percentile

89.0%

The Machine::Code::decoder::analysis::set_ref function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via a crafted Graphite smart font.

Affected configurations

NVD

Node

opensuseleapMatch42.1

OR

opensuseopensuseMatch13.1

OR

opensuseopensuseMatch13.2

OR

suselinux_enterpriseMatch12.0

Node

oraclelinuxMatch5.0

OR

oraclelinuxMatch6

OR

oraclelinuxMatch7

Node

silgraphite2Range≤1.3.5

Node

mozillafirefoxRange≤44.0.2

OR

mozillafirefox_esrMatch38.0

OR

mozillafirefox_esrMatch38.0.1

OR

mozillafirefox_esrMatch38.0.5

OR

mozillafirefox_esrMatch38.1.0

OR

mozillafirefox_esrMatch38.1.1

OR

mozillafirefox_esrMatch38.2.0

OR

mozillafirefox_esrMatch38.2.1

OR

mozillafirefox_esrMatch38.3.0

OR

mozillafirefox_esrMatch38.4.0

OR

mozillafirefox_esrMatch38.5.0

OR

mozillafirefox_esrMatch38.5.1

OR

mozillafirefox_esrMatch38.6.0

OR

mozillafirefox_esrMatch38.6.1

CPENameOperatorVersion
opensuse:leapopensuse leapeq42.1
opensuse:opensuseopensuseeq13.1
opensuse:opensuseopensuseeq13.2
suse:linux_enterprisesuse linux enterpriseeq12.0

References

lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html

lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html

lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html

lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html

lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html

lists.opensuse.org/opensuse-security-announce/2016-03/msg00089.html

lists.opensuse.org/opensuse-security-announce/2016-03/msg00091.html

lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html

lists.opensuse.org/opensuse-security-announce/2016-07/msg00006.html

lists.opensuse.org/opensuse-security-announce/2016-07/msg00007.html

lists.opensuse.org/opensuse-security-announce/2016-07/msg00008.html

www.debian.org/security/2016/dsa-3510

www.debian.org/security/2016/dsa-3515

www.debian.org/security/2016/dsa-3520

www.mozilla.org/security/announce/2016/mfsa2016-37.html

www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html

www.securityfocus.com/bid/84222

www.securitytracker.com/id/1035215

www.ubuntu.com/usn/USN-2917-1

www.ubuntu.com/usn/USN-2917-2

www.ubuntu.com/usn/USN-2917-3

www.ubuntu.com/usn/USN-2927-1

www.ubuntu.com/usn/USN-2934-1

bugzilla.mozilla.org/show_bug.cgi?id=1248876

security.gentoo.org/glsa/201605-06

security.gentoo.org/glsa/201701-63

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.5 High

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.02 Low

EPSS

Percentile

89.0%

Related for CVE-2016-1977

prion1 debiancve1 ubuntucve1 cvelist1 nvd1 ubuntu5 nessus36 openvas43 mozilla1 mageia3 debian3 osv2 freebsd1 gentoo2 redhat2 centos2 oraclelinux2 archlinux2 veracode25 suse11 kaspersky1