CVE-2016-1969 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Mozilla Firefox

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787 — Out-of-bounds Write8 documents7 sources

Severity

8.8HIGHNVD

EPSS

0.5%

top 35.33%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SIL Graphite2 Mozilla Firefox

Timeline

PublishedMar 13

Latest updateMay 17

Description

The setAttr function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.6.1, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted Graphite smart font.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

▶NVDmozilla/firefox44.0.2+12

▶Debiansil/graphite2< 1.3.6-1+3

▶NVDsil/graphite21.3.5

🔴Vulnerability Details

GHSA

GHSA-29w8-qmxg-g64x: The setAttr function in Graphite 2 before 1↗2022-05-17

▶

CVEList

CVE-2016-1969: The setAttr function in Graphite 2 before 1↗2016-03-13

▶

OSV

CVE-2016-1969: The setAttr function in Graphite 2 before 1↗2016-03-13

▶

📋Vendor Advisories

Red Hat

mozilla: out-of-bounds write with malicious font in graphite2 (MFSA 2016-38)↗2016-03-08

▶

Debian

CVE-2016-1969: firefox - The setAttr function in Graphite 2 before 1.3.6, as used in Mozilla Firefox befo...↗2016

▶

💬Community

Bugzilla

CVE-2016-5398 stored XSS in JBoss BPM suite business process editor↗2016-07-20

▶

Bugzilla

CVE-2016-1969 mozilla: out-of-bounds write with malicious font in graphite2 (MFSA 2016-38)↗2016-03-14

▶