CVE-2016-2800 in Ubuntu

CVE-2016-2800 (retired)

Priority

Description

The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before
1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before
38.7, allows remote attackers to cause a denial of service (buffer
over-read) or possibly have unspecified other impact via a crafted Graphite
smart font, a different vulnerability than CVE-2016-2792.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2800
https://www.mozilla.org/en-US/security/advisories/mfsa2016-37/
https://bugzilla.mozilla.org/show_bug.cgi?id=1249338
https://usn.ubuntu.com/usn/usn-2917-1
https://usn.ubuntu.com/usn/usn-2927-1
https://usn.ubuntu.com/usn/usn-2934-1

Assigned-to

chrisccoulson

Package

Source: firefox (LP Ubuntu Debian)

Upstream:	released (45.0)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE (precise was released [45.0+build2-0ubuntu0.12.04.1])
Ubuntu 14.04 LTS (Trusty Tahr):	released (45.0+build2-0ubuntu0.14.04.1)
Ubuntu 16.04 LTS (Xenial Xerus):	not-affected (45.0+build2-0ubuntu1)

Package

Source: graphite2 (LP Ubuntu Debian)

Upstream:	released (1.3.6-1)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE (precise was needed)
Ubuntu 14.04 LTS (Trusty Tahr):	released (1.3.6-1ubuntu0.14.04.1)
Ubuntu 16.04 LTS (Xenial Xerus):	released (1.3.6-1ubuntu1)

Package

Source: thunderbird (LP Ubuntu Debian)

Upstream:	released (38.7)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE (precise was released [1:38.7.2+build1-0ubuntu0.12.04.1])
Ubuntu 14.04 LTS (Trusty Tahr):	released (1:38.7.2+build1-0ubuntu0.14.04.1)
Ubuntu 16.04 LTS (Xenial Xerus):	released (1:38.7.2+build1-0ubuntu0.16.04.1)

More Information

Updated: 2019-03-26 12:19:39 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)