{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-02-05T00:00:00", "descriptions": [{"lang": "en", "value": "Code.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, does not consider recursive load calls during a size check, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly execute arbitrary code via a crafted Graphite smart font."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-06-30T16:57:01", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc"}, "references": [{"name": "GLSA-201701-35", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201701-35"}, {"name": "82991", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/82991"}, {"name": "USN-2902-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2902-1"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"}, {"name": "RHSA-2016:0594", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2016-0594.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"}, {"name": "openSUSE-SU-2016:0791", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00058.html"}, {"name": "DSA-3479", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2016/dsa-3479"}, {"tags": ["x_refsource_MISC"], "url": "http://blog.talosintel.com/2016/02/vulnerability-spotlight-libgraphite.html"}, {"name": "RHSA-2016:0258", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2016-0258.html"}, {"name": "FEDORA-2016-4154a4d0ba", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177520.html"}, {"name": "RHSA-2016:0197", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2016-0197.html"}, {"name": "GLSA-201701-63", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201701-63"}, {"name": "FEDORA-2016-338a7e9925", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184623.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.mozilla.org/security/announce/2016/mfsa2016-14.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cert@cert.org", "ID": "CVE-2016-1522", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Code.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, does not consider recursive load calls during a size check, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly execute arbitrary code via a crafted Graphite smart font."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "GLSA-201701-35", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201701-35"}, {"name": "82991", "refsource": "BID", "url": "http://www.securityfocus.com/bid/82991"}, {"name": "USN-2902-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2902-1"}, {"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"}, {"name": "RHSA-2016:0594", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-0594.html"}, {"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"}, {"name": "openSUSE-SU-2016:0791", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00058.html"}, {"name": "DSA-3479", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3479"}, {"name": "http://blog.talosintel.com/2016/02/vulnerability-spotlight-libgraphite.html", "refsource": "MISC", "url": "http://blog.talosintel.com/2016/02/vulnerability-spotlight-libgraphite.html"}, {"name": "RHSA-2016:0258", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-0258.html"}, {"name": "FEDORA-2016-4154a4d0ba", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177520.html"}, {"name": "RHSA-2016:0197", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-0197.html"}, {"name": "GLSA-201701-63", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201701-63"}, {"name": "FEDORA-2016-338a7e9925", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184623.html"}, {"name": "http://www.mozilla.org/security/announce/2016/mfsa2016-14.html", "refsource": "CONFIRM", "url": "http://www.mozilla.org/security/announce/2016/mfsa2016-14.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T23:02:11.533Z"}, "title": "CVE Program Container", "references": [{"name": "GLSA-201701-35", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201701-35"}, {"name": "82991", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/82991"}, {"name": "USN-2902-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2902-1"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"}, {"name": "RHSA-2016:0594", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2016-0594.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"}, {"name": "openSUSE-SU-2016:0791", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00058.html"}, {"name": "DSA-3479", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2016/dsa-3479"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://blog.talosintel.com/2016/02/vulnerability-spotlight-libgraphite.html"}, {"name": "RHSA-2016:0258", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2016-0258.html"}, {"name": "FEDORA-2016-4154a4d0ba", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177520.html"}, {"name": "RHSA-2016:0197", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2016-0197.html"}, {"name": "GLSA-201701-63", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201701-63"}, {"name": "FEDORA-2016-338a7e9925", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184623.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.mozilla.org/security/announce/2016/mfsa2016-14.html"}]}]}, "cveMetadata": {"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2016-1522", "datePublished": "2016-02-13T02:00:00", "dateReserved": "2016-01-07T00:00:00", "dateUpdated": "2024-08-05T23:02:11.533Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*", "matchCriteriaId": "253C303A-E577-4488-93E6-68A8DD942C38", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*", "matchCriteriaId": "E79AB8DD-C907-4038-A931-1A5A4CFB6A5B", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox_esr:38.0:*:*:*:*:*:*:*", "matchCriteriaId": "7A1DD76B-7682-4F61-B274-115D8A9B5306", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox_esr:38.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "332589F6-C6DB-4204-97FA-B60105BBF146", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox_esr:38.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "A04D6EAE-C709-4752-976E-DB15EE6E85B0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox_esr:38.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "FE52B8E3-3BA8-46DB-948E-958739FE91B1", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox_esr:38.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "818D58B7-3BA2-4CE5-9D9A-65F5B24AB6D0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox_esr:38.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "B50189A6-C058-46EA-9BE8-9D01E304D518", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox_esr:38.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "1F5442BB-3E3F-4E91-B76B-6B379B47E2BD", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox_esr:38.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "3FF3D499-08B8-4180-86C8-A38609D8938B", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox_esr:38.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "B1F6A91A-4C19-47FB-B538-2B1837F68C61", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox_esr:38.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "4773E493-5198-48FD-97D3-C20C36DF76E1", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox_esr:38.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "4E8F7CC3-9108-49C5-A0EE-DCC86A949C74", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox_esr:38.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "5189097F-65FA-4F24-89BB-2996A605C9AB", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox_esr:38.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "97CD0D0C-B3AB-47B2-90DB-D559BFCFC670", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "matchCriteriaId": "F9835F35-2BFD-40D3-976E-953FB7F21330", "versionEndIncluding": "38.5.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sil:graphite2:1.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "C989A1ED-6F9A-4868-9B8F-7770780CC055", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Code.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, does not consider recursive load calls during a size check, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly execute arbitrary code via a crafted Graphite smart font."}, {"lang": "es", "value": "Code.cpp en Libgraphite en Graphite 2 1.2.4, como se utiliza en Mozilla Firefox en versiones anteriores a 43.0 y Firefox ESR 38.x en versiones anteriores a 38.6.1, no considera las llamadas recursivas de carga durante una comprobaci\u00f3n de tama\u00f1o, lo que permite a atacantes remotos causar una denegaci\u00f3n de servicio (desbordamiento d buffer basado en memoria din\u00e1mica) o posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de una fuente inteligente Graphite."}], "id": "CVE-2016-1522", "lastModified": "2017-07-01T01:29:33.907", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-02-13T02:59:07.930", "references": [{"source": "cret@cert.org", "tags": ["Exploit", "Third Party Advisory"], "url": "http://blog.talosintel.com/2016/02/vulnerability-spotlight-libgraphite.html"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177520.html"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184623.html"}, {"source": "cret@cert.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00058.html"}, {"source": "cret@cert.org", "url": "http://rhn.redhat.com/errata/RHSA-2016-0197.html"}, {"source": "cret@cert.org", "url": "http://rhn.redhat.com/errata/RHSA-2016-0258.html"}, {"source": "cret@cert.org", "url": "http://rhn.redhat.com/errata/RHSA-2016-0594.html"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2016/dsa-3479"}, {"source": "cret@cert.org", "tags": ["Vendor Advisory"], "url": "http://www.mozilla.org/security/announce/2016/mfsa2016-14.html"}, {"source": "cret@cert.org", "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"}, {"source": "cret@cert.org", "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"}, {"source": "cret@cert.org", "url": "http://www.securityfocus.com/bid/82991"}, {"source": "cret@cert.org", "url": "http://www.ubuntu.com/usn/USN-2902-1"}, {"source": "cret@cert.org", "url": "https://security.gentoo.org/glsa/201701-35"}, {"source": "cret@cert.org", "url": "https://security.gentoo.org/glsa/201701-63"}], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2016:0197", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "firefox-0:38.6.1-1.el5_11", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2016-02-16T00:00:00Z"}, {"advisory": "RHSA-2016:0258", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "thunderbird-0:38.6.0-1.el5_11", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2016-02-18T00:00:00Z"}, {"advisory": "RHSA-2016:0197", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "firefox-0:38.6.1-1.el6_7", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2016-02-16T00:00:00Z"}, {"advisory": "RHSA-2016:0258", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "thunderbird-0:38.6.0-1.el6_7", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2016-02-18T00:00:00Z"}, {"advisory": "RHSA-2016:0197", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "firefox-0:38.6.1-1.el7_2", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2016-02-16T00:00:00Z"}, {"advisory": "RHSA-2016:0258", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "thunderbird-0:38.6.0-1.el7_2", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2016-02-18T00:00:00Z"}, {"advisory": "RHSA-2016:0594", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "graphite2-0:1.3.6-1.el7_2", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2016-04-05T00:00:00Z"}], "bugzilla": {"description": "graphite2: Null pointer dereference and out-of-bounds access vulnerabilities", "id": "1305810", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1305810"}, "csaw": false, "cvss": {"cvss_base_score": "6.8", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "status": "verified"}, "cwe": "CWE-476", "details": ["Code.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, does not consider recursive load calls during a size check, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly execute arbitrary code via a crafted Graphite smart font.", "A vulnerability has been discovered in Graphite2. An attacker able to trick an unsuspecting user into opening specially crafted font files in an application using Graphite2 could exploit these flaws to cause the application to crash or, potentially, execute arbitrary code with the privileges of the application."], "name": "CVE-2016-1522", "public_date": "2016-02-05T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2016-1522\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-1522\nhttp://www.talosintel.com/reports/TALOS-2016-0057/\nhttp://www.talosintel.com/reports/TALOS-2016-0060/"], "threat_severity": "Important"}