PublicDateAtUSN: 2016-02-08 Candidate: CVE-2016-1523 PublicDate: 2016-02-13 02:59:00 UTC References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1523 http://www.talosintel.com/reports/TALOS-2016-0059/ http://blog.talosintel.com/2016/02/vulnerability-spotlight-libgraphite.html https://ubuntu.com/security/notices/USN-2902-1 https://ubuntu.com/security/notices/USN-2904-1 Description: The SillMap::readFace function in FeatureMap.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, mishandles a return value, which allows remote attackers to cause a denial of service (missing initialization, NULL pointer dereference, and application crash) via a crafted Graphite smart font. Ubuntu-Description: Notes: Bugs: Priority: medium Discovered-by: Yves Younan Assigned-to: mdeslaur CVSS: nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H [6.5 MEDIUM] Patches_graphite2: upstream: https://github.com/silnrsi/graphite/commit/2fc07f868146f924621307925b92a5161b7bd571 (0059) upstream: https://github.com/silnrsi/graphite/commit/6106dcbd5bc4df2e6ef6a7c632c69ca71ba2b518 (0059) upstream_graphite2: released (1.3.5-1) precise_graphite2: ignored (reached end-of-life) precise/esm_graphite2: DNE (precise was needed) trusty_graphite2: released (1.2.4-1ubuntu1.1) trusty/esm_graphite2: released (1.2.4-1ubuntu1.1) vivid/stable-phone-overlay_graphite2: ignored (reached end-of-life) vivid/ubuntu-core_graphite2: DNE wily_graphite2: released (1.2.4-3ubuntu1.1) xenial_graphite2: released (1.3.5-1ubuntu1) esm-infra/xenial_graphite2: released (1.3.5-1ubuntu1) yakkety_graphite2: released (1.3.5-1ubuntu1) zesty_graphite2: released (1.3.5-1ubuntu1) devel_graphite2: released (1.3.5-1ubuntu1) Patches_thunderbird: Priority_thunderbird: low upstream_thunderbird: released (38.6.0) precise_thunderbird: released (1:38.6.0+build1-0ubuntu0.12.04.1) precise/esm_thunderbird: DNE (precise was released [1:38.6.0+build1-0ubuntu0.12.04.1]) trusty_thunderbird: released (1:38.6.0+build1-0ubuntu0.14.04.1) trusty/esm_thunderbird: DNE (trusty was released [1:38.6.0+build1-0ubuntu0.14.04.1]) vivid_thunderbird: ignored (reached end-of-life) vivid/ubuntu-core_thunderbird: DNE vivid/stable-phone-overlay_thunderbird: DNE wily_thunderbird: released (1:38.6.0+build1-0ubuntu0.15.10.1) xenial_thunderbird: released (1:38.6.0+build1-0ubuntu1) esm-infra/xenial_thunderbird: released (1:38.6.0+build1-0ubuntu1) yakkety_thunderbird: released (1:38.6.0+build1-0ubuntu1) zesty_thunderbird: released (1:38.6.0+build1-0ubuntu1) devel_thunderbird: released (1:38.6.0+build1-0ubuntu1)