exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 6 of 6 RSS Feed

CVE-2016-1521

Status Candidate

Overview

The directrun function in directmachine.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, does not validate a certain skip operation, which allows remote attackers to execute arbitrary code, obtain sensitive information, or cause a denial of service (out-of-bounds read and application crash) via a crafted Graphite smart font.

Related Files

Gentoo Linux Security Advisory 201701-63
Posted Jan 24, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201701-63 - Multiple vulnerabilities have been found in Graphite, the worst of which could lead to the remote execution of arbitrary code. Versions less than 1.3.7 are affected.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2016-1521, CVE-2016-1522, CVE-2016-1523, CVE-2016-1526, CVE-2016-1977, CVE-2016-2790, CVE-2016-2791, CVE-2016-2792, CVE-2016-2793, CVE-2016-2794, CVE-2016-2795, CVE-2016-2796, CVE-2016-2797, CVE-2016-2798, CVE-2016-2799, CVE-2016-2800, CVE-2016-2801, CVE-2016-2802
SHA-256 | 757f34c27a3b3147e33cf6b8228d59efe5f86a09ecd02431cd1f5343997a83f3
Gentoo Linux Security Advisory 201701-35
Posted Jan 13, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201701-35 - Multiple vulnerabilities have been found in Mozilla SeaMonkey, the worst of which could lead to the remote execution of arbitrary code. Versions less than 2.46-r1 are affected.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2016-1521, CVE-2016-1522, CVE-2016-1523, CVE-2016-1526, CVE-2016-9079
SHA-256 | edb4103926996cc60bdbdba4e04c9d073a6b3369fcdbbd4d3088d21fac388142
Red Hat Security Advisory 2016-0594-01
Posted Apr 6, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0594-01 - Graphite2 is a project within SIL's Non-Roman Script Initiative and Language Software Development groups to provide rendering capabilities for complex non-Roman writing systems. Graphite can be used to create "smart fonts" capable of displaying writing systems with various complex behaviors. With respect to the Text Encoding Model, Graphite handles the "Rendering" aspect of writing system implementation. The following packages have been upgraded to a newer upstream version: graphite2.

tags | advisory
systems | linux, redhat
advisories | CVE-2016-1521, CVE-2016-1522, CVE-2016-1523, CVE-2016-1526
SHA-256 | 8245e814f0ff3ac5cb5d50adb975b1e87e9aa2734b464dc080a69a685a6503bf
Ubuntu Security Notice USN-2902-1
Posted Feb 17, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2902-1 - Yves Younan discovered that graphite2 incorrectly handled certain malformed fonts. If a user or automated system were tricked into opening a specially- crafted font file, a remote attacker could use this issue to cause graphite2 to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2016-1521, CVE-2016-1522, CVE-2016-1523, CVE-2016-1526
SHA-256 | 4ecb16d84a83cc63b11ddbf287df3bdab9b45a54ffb4113420c9511004c21441
Debian Security Advisory 3479-1
Posted Feb 16, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3479-1 - Multiple vulnerabilities have been found in the Graphite font rendering engine which might result in denial of service or the execution of arbitrary code if a malformed font file is processed.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, debian
advisories | CVE-2016-1521, CVE-2016-1522, CVE-2016-1523
SHA-256 | d0e73d830bd0e10c507af71634a239a6ec899c968bbef3b77e0a766de4cc3467
Red Hat Security Advisory 2016-0197-01
Posted Feb 16, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0197-01 - Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Multiple security flaws were found in the graphite2 font library shipped with Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. All Firefox users should upgrade to these updated packages, which contain Firefox version 38.6.1 ESR, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect.

tags | advisory, web, arbitrary
systems | linux, redhat
advisories | CVE-2016-1521, CVE-2016-1522, CVE-2016-1523
SHA-256 | 936e217edeec064168d70fd655575a6acf9b4b927ff160b116e6463eddbf5ad3
Page 1 of 1
Back1Next

File Archive:

October 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    10 Files
  • 2
    Oct 2nd
    0 Files
  • 3
    Oct 3rd
    12 Files
  • 4
    Oct 4th
    0 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    0 Files
  • 8
    Oct 8th
    0 Files
  • 9
    Oct 9th
    0 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    0 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close