CVSS3: 8.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVSS2: 9.3 High
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS: 0.021 Low
Percentile: 88.9%
CVE-2016-1522
An exploitable NULL pointer dereference exists in the bidirectional font handling functionality of Libgraphite. A specially crafted font can cause a NULL pointer dereference resulting in a crash. An attacker can provide a malicious font to trigger this vulnerability.
Libgraphite 2-1.2.4
<http://sourceforge.net/projects/silgraphite/files/graphite2/>
The attached font will generate a NULL pointer dereference when used.
When the font is loaded via gr_make_file_face, readFeats is called at line 190 of FeatureMap.cpp, in the function SillMap::readFace:
if (!m_FeatureMap.readFeats(face)) return false;
At line 110, in the function readFeats, m_numFeats is assigned the value 0. This causes readFeats to return at line 115, but the value it returns is true. As a result, none of the variables in m_FeatureMap are initialized even though the font loads without any errors being returned. If the function gr_make_seg is later called on this font, the call to SillMap::cloneFeatures fails at line 241 because it tries to dereference m_FeatureMap.m_defaultFeatures, which is set to 0:
return new Features (*m_FeatureMap.m_defaultFeatures);
A similar error can occur at line 103 in the same function if the constructor for Table fails.
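The pattern described above, reduced to a self-contained model and shown beside one possible hardening. This is an added example, not graphite2 source and not the project's fix; Features, FeatureMapBefore and FeatureMapAfter are hypothetical stand-ins, and only the member and function names readFeats, cloneFeatures, m_numFeats and m_defaultFeatures are taken from the report.

```cpp
#include <cstdint>
#include <memory>
#include <vector>

// Simplified stand-in (hypothetical), not the graphite2 class.
struct Features { std::vector<uint32_t> vals; };

// "Before": mirrors the flow in the report. A zero feature count returns
// true early, so the load succeeds with m_defaultFeatures still null.
struct FeatureMapBefore {
    uint16_t  m_numFeats = 0;
    Features *m_defaultFeatures = nullptr;
    ~FeatureMapBefore() { delete m_defaultFeatures; }
    bool readFeats(uint16_t numFeats) {
        m_numFeats = numFeats;
        if (m_numFeats == 0) return true;           // nothing initialized
        m_defaultFeatures = new Features{std::vector<uint32_t>(numFeats, 0)};
        return true;
    }
    // Dereferences null after a zero-feature load: the crash site.
    Features *cloneFeatures() const { return new Features(*m_defaultFeatures); }
};

// "After" (assumed hardening): a successful load always leaves non-null
// defaults, and the use site still checks before dereferencing.
struct FeatureMapAfter {
    uint16_t m_numFeats = 0;
    std::unique_ptr<Features> m_defaultFeatures;
    bool readFeats(uint16_t numFeats) {
        m_numFeats = numFeats;
        m_defaultFeatures.reset(new Features{std::vector<uint32_t>(numFeats, 0)});
        return true;
    }
    std::unique_ptr<Features> cloneFeatures() const {
        if (!m_defaultFeatures) return nullptr;     // fail closed, no deref
        return std::unique_ptr<Features>(new Features(*m_defaultFeatures));
    }
};

int main() {
    FeatureMapAfter fm;                             // zero-feature load, then clone
    return (fm.readFeats(0) && fm.cloneFeatures()) ? 0 : 1;
}
```

The same two-sided rule covers the second case the report mentions: any path that leaves the defaults unset must either report failure to the loader or be caught at the point of use.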
Yves Younan