mozilla: out-of-bounds write with malicious font in graphite2 (MFSA 2016-38)

The setAttr function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.6.1, allows remote attackers to cause a denial of service out-of-bounds write or possibly have unspecified other impact via a crafted Graphite smart font...

Firefox ESR < 38.6.1 Multiple Graphite 2 Library RCE (Mac OS X)

The version of Mozilla Firefox ESR installed on the remote Mac OS X host is prior to 38.6.1. It is, therefore, affected by multiple remote code execution vulnerabilities in the Graphite 2 library : - An overflow condition exists in the Context Item functionality due to improper validation of...

Firefox ESR < 38.6.1 Multiple Graphite 2 Library RCE

The version of Mozilla Firefox ESR installed on the remote Windows host is prior to 38.6.1. It is, therefore, affected by multiple remote code execution vulnerabilities in the Graphite 2 library : - An overflow condition exists in the Context Item functionality due to improper validation of...

DSA-3479-1 graphite2 - security update

Bulletin has no description...

Debian DSA-3477-1 : iceweasel - security update

Holger Fuhrmannek discovered that missing input sanitising in the Graphite font rendering engine could result in the execution of arbitrary code. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisor...

Debian Security Advisory DSA 3479-1 (graphite2 - security update)

Multiple vulnerabilities have been found in the Graphite font rendering engine which might result in denial of service or the execution of arbitrary code if a malformed font file is processed. OpenVAS Vulnerability Test $Id: deb3479.nasl 6608 2017-07-07 12:05:05Z cfischer $ Auto-generated from...

[SECURITY] [DSA 3477-1] iceweasel security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3477-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff February 14, 2016 https://www.debian.org/security/faq -...

PT-2016-1448 · Mozilla +3 · Firefox Esr +5

Name of the Vulnerable Software and Affected Versions: Graphite 2 versions prior to 1.3.6 Mozilla Firefox versions prior to 45.0 Firefox ESR 38.x versions prior to 38.6.1 Description: The issue is related to the setAttr function in Graphite 2, which can be exploited by remote attackers using a...

DSA-3477-1 iceweasel - security update

Bulletin has no description...

Debian Security Advisory DSA 3477-1 (iceweasel - security update)

Holger Fuhrmannek discovered that missing input sanitising in the Graphite font rendering engine could result in the execution of arbitrary code. OpenVAS Vulnerability Test $Id: deb3477.nasl 6608 2017-07-07 12:05:05Z cfischer $ Auto-generated from advisory DSA 3477-1 using nvtgen 1.0 Script...

DEBIAN-CVE-2016-1526

The TtfUtil:LocaLookup function in TtfUtil.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, incorrectly validates a size value, which allows remote attackers to obtain sensitive information or cause a denial of service out-of-bound...

CVE-2016-1526

The TtfUtil:LocaLookup function in TtfUtil.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, incorrectly validates a size value, which allows remote attackers to obtain sensitive information or cause a denial of service out-of-bound...

CVE-2016-1526

The TtfUtil:LocaLookup function in TtfUtil.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, incorrectly validates a size value, which allows remote attackers to obtain sensitive information or cause a denial of service out-of-bound...

DEBIAN-CVE-2016-1523

The SillMap::readFace function in FeatureMap.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, mishandles a return value, which allows remote attackers to cause a denial of service missing initialization, NULL pointer dereference, a...

CVE-2016-1523

The SillMap::readFace function in FeatureMap.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, mishandles a return value, which allows remote attackers to cause a denial of service missing initialization, NULL pointer dereference, a...

CVE-2016-1522

Code.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, does not consider recursive load calls during a size check, which allows remote attackers to cause a denial of service heap-based buffer overflow or possibly execute arbitrary...

CVE-2016-1522

Code.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, does not consider recursive load calls during a size check, which allows remote attackers to cause a denial of service heap-based buffer overflow or possibly execute arbitrary...

DEBIAN-CVE-2016-1522

Code.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, does not consider recursive load calls during a size check, which allows remote attackers to cause a denial of service heap-based buffer overflow or possibly execute arbitrary...

CVE-2016-1521

The directrun function in directmachine.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, does not validate a certain skip operation, which allows remote attackers to execute arbitrary code, obtain sensitive information, or cause a...

CVE-2016-1521

The directrun function in directmachine.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, does not validate a certain skip operation, which allows remote attackers to execute arbitrary code, obtain sensitive information, or cause a...