Lucene search

K
ubuntuUbuntuUSN-3398-1
HistoryAug 21, 2017 - 12:00 a.m.

graphite2 vulnerabilities

2017-08-2100:00:00
ubuntu.com
66

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.8 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.008 Low

EPSS

Percentile

81.2%

Releases

  • Ubuntu 17.04
  • Ubuntu 16.04 ESM
  • Ubuntu 14.04 ESM

Packages

  • graphite2 - Font rendering engine for Complex Scripts

Details

Holger Fuhrmannek and Tyson Smith discovered that graphite2 incorrectly
handled certain malformed fonts. If a user or automated system were tricked
into opening a specially-crafted font file, a remote attacker could use
this issue to cause graphite2 to crash, resulting in a denial of service,
or possibly execute arbitrary code.

OSVersionArchitecturePackageVersionFilename
Ubuntu17.04noarchlibgraphite2-3< 1.3.10-0ubuntu0.17.04.1UNKNOWN
Ubuntu17.04noarchlibgraphite2-3-dbgsym< 1.3.10-0ubuntu0.17.04.1UNKNOWN
Ubuntu17.04noarchlibgraphite2-dev< 1.3.10-0ubuntu0.17.04.1UNKNOWN
Ubuntu17.04noarchlibgraphite2-doc< 1.3.10-0ubuntu0.17.04.1UNKNOWN
Ubuntu16.04noarchlibgraphite2-3< 1.3.10-0ubuntu0.16.04.1UNKNOWN
Ubuntu16.04noarchlibgraphite2-3-dbgsym< 1.3.10-0ubuntu0.16.04.1UNKNOWN
Ubuntu16.04noarchlibgraphite2-dev< 1.3.10-0ubuntu0.16.04.1UNKNOWN
Ubuntu16.04noarchlibgraphite2-doc< 1.3.10-0ubuntu0.16.04.1UNKNOWN
Ubuntu14.04noarchlibgraphite2-3< 1.3.10-0ubuntu0.14.04.1UNKNOWN
Ubuntu14.04noarchlibgraphite2-3-dbg< 1.3.10-0ubuntu0.14.04.1UNKNOWN
Rows per page:
1-10 of 131

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.8 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.008 Low

EPSS

Percentile

81.2%