5 matches found
DEBIAN-CVE-2016-1969
The setAttr function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.6.1, allows remote attackers to cause a denial of service out-of-bounds write or possibly have unspecified other impact via a crafted Graphite smart font...
UBUNTU-CVE-2016-2800
The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service buffer over-read or possibly have unspecified other impact via a crafted Graphite smart font,...
UBUNTU-CVE-2016-2790
The graphite2::TtfUtil::GetTableInfo function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, does not initialize memory for an unspecified data structure, which allows remote attackers to cause a denial of service or possibly have unknown othe...
UBUNTU-CVE-2016-1968
Integer underflow in Brotli, as used in Mozilla Firefox before 45.0, allows remote attackers to execute arbitrary code or cause a denial of service buffer overflow via crafted data with brotli compression...
PT-2016-1448 · Mozilla +3 · Firefox Esr +5
Name of the Vulnerable Software and Affected Versions: Graphite 2 versions prior to 1.3.6 Mozilla Firefox versions prior to 45.0 Firefox ESR 38.x versions prior to 38.6.1 Description: The issue is related to the setAttr function in Graphite 2, which can be exploited by remote attackers using a...