892 matches found
CVE-2016-2797
Graphite 2 before 1.3.6 is affected by CVE-2016-2797 via the TtfUtil::CmapSubtable12Lookup path. The vulnerability exists when Graphite is used by Firefox before 45.0 and Firefox ESR 38.x before 38.7, allowing a crafted Graphite smart font to cause a denial-of-service (buffer over-read) or simila...
CVE-2016-2794
The graphite2::TtfUtil::CmapSubtable12NextCodepoint function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service buffer over-read or possibly have unspecified other impact via a crafted Graphite...
CVE-2016-2793
CachedCmap.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service buffer over-read or possibly have unspecified other impact via a crafted Graphite smart font...
CVE-2016-2796
Heap-based buffer overflow in the graphite2::vm::Machine::Code::Code function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Graphite...
CVE-2016-2790
The graphite2::TtfUtil::GetTableInfo function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, does not initialize memory for an unspecified data structure, which allows remote attackers to cause a denial of service or possibly have unknown othe...
CVE-2016-2793
CVE-2016-2793 affects the Graphite 2 font library (CachedCmap.cpp) up to version 1.3.5 used by Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7. A crafted Graphite font can trigger a buffer over-read, potentially causing a denial of service or other impact. Remediation, where availabl...
CVE-2016-2795
The graphite2::FileFace::gettablefn function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, does not initialize memory for an unspecified data structure, which allows remote attackers to cause a denial of service or possibly have unknown other...
CVE-2016-2792
The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service buffer over-read or possibly have unspecified other impact via a crafted Graphite smart font,...
CVE-2016-2790
The graphite2::TtfUtil::GetTableInfo function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, does not initialize memory for an unspecified data structure, which allows remote attackers to cause a denial of service or possibly have unknown othe...
CVE-2016-2799
CVE-2016-2799 is a heap-based buffer overflow in graphite2::Slot::setAttr in Graphite2 up to 1.3.6, impacting Firefox <45.0 and Firefox ESR =1.3.7) to remediate. Monitor vendor advisories for exact fixed versions per distribution.
CVE-2016-2790
The CVE-2016-2790 issue is in Graphite 2 prior to 1.3.6 (graphite2) used by Firefox/Firefox ESR. The root cause is uninitialized memory in Graphite’s TtfUtil::GetTableInfo, enabling a remote attacker to cause a denial of service or potentially other impact via a crafted Graphite font. Impact is t...
CVE-2016-2791
Summary: CVE-2016-2791 affects the Graphite 2 font library (graphite2) shipped with Graphite-based builds and Mozilla Firefox. The issue is in graphite2::GlyphCache::glyph, where a crafted Graphite font can trigger a buffer over-read, potentially allowing a denial of service and other unspecified...
CVE-2016-2792
CVE-2016-2792 affects Graphite2 (graphite2) in Graphite font rendering used by Firefox
CVE-2016-2799
Heap-based buffer overflow in the graphite2::Slot::setAttr function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Graphite smart font...
CVE-2016-1977
The Machine::Code::decoder::analysis::setref function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code or cause a denial of service stack memory corruption via a crafted Graphite smart font...
CVE-2016-2791
The graphite2::GlyphCache::glyph function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service buffer over-read or possibly have unspecified other impact via a crafted Graphite smart font...
CVE-2016-2802
The graphite2::TtfUtil::CmapSubtable4NextCodepoint function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service buffer over-read or possibly have unspecified other impact via a crafted Graphite...
Mozilla Firefox and Firefox ESR Graphite 2 code execution vulnerability (CNVD-2016-01593)
Firefox is an open source Web browser ; Firefox ESR is an extended support version of Firefox.Graphite is a set of Python language , written using the Django framework for enterprise-class open source system monitoring tools . A security vulnerability exists in Mozilla Firefox and Firefox ESR...
Mozilla Firefox and Firefox ESR Graphite 2 code execution vulnerability (CNVD-2016-01594)
Firefox is an open source Web browser ; Firefox ESR is an extended support version of Firefox.Graphite is a set of Python language , written using the Django framework for enterprise-class open source system monitoring tools . A security vulnerability exists in Mozilla Firefox and Firefox ESR...
Mozilla Firefox and Firefox ESR Graphite 2 Denial of Service Vulnerability (CNVD-2016-01647)
Firefox is an open source Web browser ; Firefox ESR is an extended support version of Firefox.Graphite is a set of Python language , written using the Django framework for enterprise-class open source system monitoring tools . A security vulnerability exists in Mozilla Firefox and Firefox ESR...