Lucene search
K

187 matches found

NVD
NVD
added 2016/03/13 6:59 p.m.13 views

CVE-2016-2791

The graphite2::GlyphCache::glyph function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service buffer over-read or possibly have unspecified other impact via a crafted Graphite smart font...

8.8CVSS9.5AI score0.0227EPSS
Exploits0References26
OSV
OSV
added 2016/03/13 6:59 p.m.7 views

CVE-2016-2791

The graphite2::GlyphCache::glyph function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service buffer over-read or possibly have unspecified other impact via a crafted Graphite smart font...

8.8CVSS9.5AI score
Exploits0References26
NVD
NVD
added 2016/03/13 6:59 p.m.16 views

CVE-2016-2790

The graphite2::TtfUtil::GetTableInfo function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, does not initialize memory for an unspecified data structure, which allows remote attackers to cause a denial of service or possibly have unknown othe...

8.8CVSS9.4AI score0.0227EPSS
Exploits0References26
OSV
OSV
added 2016/03/13 6:59 p.m.6 views

CVE-2016-2790

The graphite2::TtfUtil::GetTableInfo function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, does not initialize memory for an unspecified data structure, which allows remote attackers to cause a denial of service or possibly have unknown othe...

8.8CVSS9.3AI score
Exploits0References26
NVD
NVD
added 2016/03/13 6:59 p.m.19 views

CVE-2016-1977

The Machine::Code::decoder::analysis::setref function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code or cause a denial of service stack memory corruption via a crafted Graphite smart font...

8.8CVSS9.4AI score0.02912EPSS
Exploits0References26
Prion
Prion
added 2016/03/13 6:59 p.m.23 views

Out-of-bounds

The setAttr function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.6.1, allows remote attackers to cause a denial of service out-of-bounds write or possibly have unspecified other impact via a crafted Graphite smart font...

6.8CVSS7.8AI score0.01665EPSS
Exploits0References4Affected Software3
Prion
Prion
added 2016/03/13 6:59 p.m.19 views

Memory corruption

The Machine::Code::decoder::analysis::setref function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code or cause a denial of service stack memory corruption via a crafted Graphite smart font...

6.8CVSS8.1AI score0.02912EPSS
Exploits0References26Affected Software7
UbuntuCve
UbuntuCve
added 2016/03/13 6:59 p.m.32 views

CVE-2016-1969

The setAttr function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.6.1, allows remote attackers to cause a denial of service out-of-bounds write or possibly have unspecified other impact via a crafted Graphite smart font...

8.8CVSS7.3AI score0.01665EPSS
Exploits0References3
Prion
Prion
added 2016/03/13 6:59 p.m.21 views

Design/Logic Flaw

The graphite2::TtfUtil::CmapSubtable4NextCodepoint function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service buffer over-read or possibly have unspecified other impact via a crafted Graphite...

6.8CVSS7.8AI score0.0227EPSS
Exploits0References26Affected Software7
Prion
Prion
added 2016/03/13 6:59 p.m.29 views

Code injection

The graphite2::TtfUtil::GetTableInfo function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, does not initialize memory for an unspecified data structure, which allows remote attackers to cause a denial of service or possibly have unknown othe...

6.8CVSS7.6AI score0.0227EPSS
Exploits0References26Affected Software7
Prion
Prion
added 2016/03/13 6:59 p.m.32 views

Design/Logic Flaw

The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service buffer over-read or possibly have unspecified other impact via a crafted Graphite smart font,...

6.8CVSS8.8AI score0.0227EPSS
Exploits0References26Affected Software7
Prion
Prion
added 2016/03/13 6:59 p.m.18 views

Heap overflow

Heap-based buffer overflow in the graphite2::vm::Machine::Code::Code function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Graphite...

6.8CVSS8.3AI score0.03854EPSS
Exploits1References26Affected Software7
Prion
Prion
added 2016/03/13 6:59 p.m.29 views

Code injection

The graphite2::FileFace::gettablefn function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, does not initialize memory for an unspecified data structure, which allows remote attackers to cause a denial of service or possibly have unknown other...

6.8CVSS7.6AI score0.0227EPSS
Exploits0References26Affected Software7
Prion
Prion
added 2016/03/13 6:59 p.m.27 views

Heap overflow

Heap-based buffer overflow in the graphite2::Slot::setAttr function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Graphite smart font...

9.3CVSS8.3AI score0.04889EPSS
Exploits0References26Affected Software7
Prion
Prion
added 2016/03/13 6:59 p.m.16 views

Design/Logic Flaw

CachedCmap.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service buffer over-read or possibly have unspecified other impact via a crafted Graphite smart font...

6.8CVSS7.8AI score0.02708EPSS
Exploits0References26Affected Software7
Prion
Prion
added 2016/03/13 6:59 p.m.26 views

Design/Logic Flaw

The graphite2::GlyphCache::glyph function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service buffer over-read or possibly have unspecified other impact via a crafted Graphite smart font...

6.8CVSS7.8AI score0.0227EPSS
Exploits0References26Affected Software7
Prion
Prion
added 2016/03/13 6:59 p.m.19 views

Design/Logic Flaw

The graphite2::GlyphCache::Loader::Loader function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service buffer over-read or possibly have unspecified other impact via a crafted Graphite smart font...

6.8CVSS7.8AI score0.0227EPSS
Exploits0References26Affected Software7
Prion
Prion
added 2016/03/13 6:59 p.m.37 views

Design/Logic Flaw

The graphite2::TtfUtil::CmapSubtable12Lookup function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service buffer over-read or possibly have unspecified other impact via a crafted Graphite smart...

6.8CVSS8.8AI score0.02708EPSS
Exploits0References26Affected Software7
Cvelist
Cvelist
added 2016/03/13 6:0 p.m.27 views

CVE-2016-1969

The setAttr function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.6.1, allows remote attackers to cause a denial of service out-of-bounds write or possibly have unspecified other impact via a crafted Graphite smart font...

8.9AI score0.01665EPSS
Exploits0References4
CVE
CVE
added 2016/03/13 6:0 p.m.164 views

CVE-2016-1977

Summary: CVE-2016-1977 and related Graphite 2 vulnerabilities affect Graphite font rendering (library graphite2) used by Mozilla Firefox/Thunderbird. The issues stem from memory safety bugs in Graphite 2 (version 1.3.5 and earlier) that could allow remote code execution or crashes when processing...

8.8CVSS7.5AI score0.02912EPSS
Exploits0References26Affected Software3
Rows per page
Query Builder