{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-02-05T00:00:00", "descriptions": [{"lang": "en", "value": "The TtfUtil:LocaLookup function in TtfUtil.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, incorrectly validates a size value, which allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted Graphite smart font."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-01-04T19:57:01", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc"}, "references": [{"name": "openSUSE-SU-2016:0875", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00088.html"}, {"name": "GLSA-201701-35", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201701-35"}, {"name": "82991", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/82991"}, {"name": "USN-2902-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2902-1"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"}, {"name": "RHSA-2016:0695", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2016-0695.html"}, {"name": "RHSA-2016:0594", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2016-0594.html"}, {"name": "openSUSE-SU-2016:0791", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00058.html"}, {"name": "DSA-3479", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2016/dsa-3479"}, {"tags": ["x_refsource_MISC"], "url": "http://blog.talosintel.com/2016/02/vulnerability-spotlight-libgraphite.html"}, {"name": "FEDORA-2016-4154a4d0ba", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177520.html"}, {"name": "SUSE-SU-2016:0779", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00052.html"}, {"name": "GLSA-201701-63", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201701-63"}, {"name": "FEDORA-2016-338a7e9925", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184623.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.mozilla.org/security/announce/2016/mfsa2016-14.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cert@cert.org", "ID": "CVE-2016-1526", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The TtfUtil:LocaLookup function in TtfUtil.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, incorrectly validates a size value, which allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted Graphite smart font."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "openSUSE-SU-2016:0875", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00088.html"}, {"name": "GLSA-201701-35", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201701-35"}, {"name": "82991", "refsource": "BID", "url": "http://www.securityfocus.com/bid/82991"}, {"name": "USN-2902-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2902-1"}, {"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"}, {"name": "RHSA-2016:0695", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-0695.html"}, {"name": "RHSA-2016:0594", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-0594.html"}, {"name": "openSUSE-SU-2016:0791", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00058.html"}, {"name": "DSA-3479", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3479"}, {"name": "http://blog.talosintel.com/2016/02/vulnerability-spotlight-libgraphite.html", "refsource": "MISC", "url": "http://blog.talosintel.com/2016/02/vulnerability-spotlight-libgraphite.html"}, {"name": "FEDORA-2016-4154a4d0ba", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177520.html"}, {"name": "SUSE-SU-2016:0779", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00052.html"}, {"name": "GLSA-201701-63", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201701-63"}, {"name": "FEDORA-2016-338a7e9925", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184623.html"}, {"name": "http://www.mozilla.org/security/announce/2016/mfsa2016-14.html", "refsource": "CONFIRM", "url": "http://www.mozilla.org/security/announce/2016/mfsa2016-14.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T23:02:11.867Z"}, "title": "CVE Program Container", "references": [{"name": "openSUSE-SU-2016:0875", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00088.html"}, {"name": "GLSA-201701-35", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201701-35"}, {"name": "82991", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/82991"}, {"name": "USN-2902-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2902-1"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"}, {"name": "RHSA-2016:0695", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2016-0695.html"}, {"name": "RHSA-2016:0594", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2016-0594.html"}, {"name": "openSUSE-SU-2016:0791", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00058.html"}, {"name": "DSA-3479", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2016/dsa-3479"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://blog.talosintel.com/2016/02/vulnerability-spotlight-libgraphite.html"}, {"name": "FEDORA-2016-4154a4d0ba", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177520.html"}, {"name": "SUSE-SU-2016:0779", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00052.html"}, {"name": "GLSA-201701-63", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201701-63"}, {"name": "FEDORA-2016-338a7e9925", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184623.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.mozilla.org/security/announce/2016/mfsa2016-14.html"}]}]}, "cveMetadata": {"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2016-1526", "datePublished": "2016-02-13T02:00:00", "dateReserved": "2016-01-07T00:00:00", "dateUpdated": "2024-08-05T23:02:11.867Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox_esr:38.0:*:*:*:*:*:*:*", "matchCriteriaId": "7A1DD76B-7682-4F61-B274-115D8A9B5306", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox_esr:38.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "332589F6-C6DB-4204-97FA-B60105BBF146", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox_esr:38.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "A04D6EAE-C709-4752-976E-DB15EE6E85B0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox_esr:38.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "FE52B8E3-3BA8-46DB-948E-958739FE91B1", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox_esr:38.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "818D58B7-3BA2-4CE5-9D9A-65F5B24AB6D0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox_esr:38.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "B50189A6-C058-46EA-9BE8-9D01E304D518", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox_esr:38.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "1F5442BB-3E3F-4E91-B76B-6B379B47E2BD", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox_esr:38.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "3FF3D499-08B8-4180-86C8-A38609D8938B", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox_esr:38.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "B1F6A91A-4C19-47FB-B538-2B1837F68C61", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox_esr:38.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "4773E493-5198-48FD-97D3-C20C36DF76E1", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox_esr:38.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "4E8F7CC3-9108-49C5-A0EE-DCC86A949C74", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox_esr:38.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "5189097F-65FA-4F24-89BB-2996A605C9AB", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox_esr:38.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "97CD0D0C-B3AB-47B2-90DB-D559BFCFC670", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "matchCriteriaId": "F9835F35-2BFD-40D3-976E-953FB7F21330", "versionEndIncluding": "38.5.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sil:graphite2:1.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "C989A1ED-6F9A-4868-9B8F-7770780CC055", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*", "matchCriteriaId": "253C303A-E577-4488-93E6-68A8DD942C38", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*", "matchCriteriaId": "E79AB8DD-C907-4038-A931-1A5A4CFB6A5B", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The TtfUtil:LocaLookup function in TtfUtil.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, incorrectly validates a size value, which allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted Graphite smart font."}, {"lang": "es", "value": "La funci\u00f3n TtfUtil:LocaLookup en TtfUtil.cpp en Libgraphite en Graphite 2 1.2.4, como se utiliza en Mozilla Firefox en versiones anteriores a 43.0 y Firefox ESR 38.x en versiones anteriores a 38.6.1, valida incorrectamente un valor de tama\u00f1o, lo que permite a atacantes remotos obtener informaci\u00f3n sensible o causar una denegaci\u00f3n de servicio (lectura fuera de rango y ca\u00edda de aplicaci\u00f3n) a trav\u00e9s de una fuente inteligente Graphite."}], "id": "CVE-2016-1526", "lastModified": "2018-01-05T02:30:33.900", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-02-13T02:59:12.027", "references": [{"source": "cret@cert.org", "tags": ["Third Party Advisory"], "url": "http://blog.talosintel.com/2016/02/vulnerability-spotlight-libgraphite.html"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177520.html"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184623.html"}, {"source": "cret@cert.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00052.html"}, {"source": "cret@cert.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00058.html"}, {"source": "cret@cert.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00088.html"}, {"source": "cret@cert.org", "url": "http://rhn.redhat.com/errata/RHSA-2016-0594.html"}, {"source": "cret@cert.org", "url": "http://rhn.redhat.com/errata/RHSA-2016-0695.html"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2016/dsa-3479"}, {"source": "cret@cert.org", "tags": ["Vendor Advisory"], "url": "http://www.mozilla.org/security/announce/2016/mfsa2016-14.html"}, {"source": "cret@cert.org", "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"}, {"source": "cret@cert.org", "url": "http://www.securityfocus.com/bid/82991"}, {"source": "cret@cert.org", "url": "http://www.ubuntu.com/usn/USN-2902-1"}, {"source": "cret@cert.org", "url": "https://security.gentoo.org/glsa/201701-35"}, {"source": "cret@cert.org", "url": "https://security.gentoo.org/glsa/201701-63"}], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}, {"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2016:0695", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "firefox-0:45.1.0-1.el5_11", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2016-04-26T00:00:00Z"}, {"advisory": "RHSA-2016:0695", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "firefox-0:45.1.0-1.el6_7", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2016-04-26T00:00:00Z"}, {"advisory": "RHSA-2016:0594", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "graphite2-0:1.3.6-1.el7_2", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2016-04-05T00:00:00Z"}, {"advisory": "RHSA-2016:0695", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "firefox-0:45.1.0-1.el7_2", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2016-04-26T00:00:00Z"}], "bugzilla": {"description": "graphite2: Out-of-bounds read vulnerability in TfUtil:LocaLookup", "id": "1308590", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1308590"}, "csaw": false, "cvss": {"cvss_base_score": "5.8", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P", "status": "verified"}, "cwe": "CWE-125", "details": ["The TtfUtil:LocaLookup function in TtfUtil.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, incorrectly validates a size value, which allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted Graphite smart font.", "A vulnerability has been discovered in Graphite2. An attacker able to trick an unsuspecting user into opening specially crafted font files in an application using Graphite2 could exploit these flaws to cause the application to crash or, potentially, execute arbitrary code with the privileges of the application."], "name": "CVE-2016-1526", "public_date": "2016-02-05T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2016-1526\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-1526\nhttp://www.talosintel.com/reports/TALOS-2016-0061/"], "threat_severity": "Important"}