CVE-2016-1523Heap-based Buffer Overflow in Mozilla Thunderbird

CWE-122Heap-based Buffer Overflow11 documents8 sources
Severity
6.5MEDIUMNVD
EPSS
1.3%
top 19.95%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
SIL Graphite2Mozilla ThunderbirdDebian Linux+2 more
Timeline
PublishedFeb 13
Latest updateMay 17

Description

The SillMap::readFace function in FeatureMap.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, mishandles a return value, which allows remote attackers to cause a denial of service (missing initialization, NULL pointer dereference, and application crash) via a crafted Graphite smart font.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages4 packages

NVDmozilla/firefox13 versions+12
Debiansil/graphite2< 1.3.5-1+3
NVDsil/graphite21.2.4

Also affects: Debian Linux 7.0, 8.0, Fedora 22, 23

Patches

Patch: www.mozilla.orgPatch: www.mozilla.org

🔴Vulnerability Details

4
GHSA
GHSA-996f-83x4-9fpc: The SillMap::readFace function in FeatureMap2022-05-17
OSV
thunderbird vulnerabilities2016-03-08
OSV
CVE-2016-1523: The SillMap::readFace function in FeatureMap2016-02-13
CVEList
CVE-2016-1523: The SillMap::readFace function in FeatureMap2016-02-13

📋Vendor Advisories

4
Ubuntu
Thunderbird vulnerabilities2016-03-08
Ubuntu
graphite2 vulnerabilities2016-02-17
Red Hat
graphite2: Heap-based buffer overflow in context item handling functionality2016-02-05
Debian
CVE-2016-1523: graphite2 - The SillMap::readFace function in FeatureMap.cpp in Libgraphite in Graphite 2 1....2016

💬Community

2
Bugzilla
CVE-2016-1523 graphite2: Heap-based buffer overflow in context item handling functionality [fedora-all]2016-02-09
Bugzilla
CVE-2016-1523 graphite2: Heap-based buffer overflow in context item handling functionality2016-02-09
CVE-2016-1523 — Heap-based Buffer Overflow in Mozilla | cvebase