Home

CVE-2016-1521

Description

The directrun function in directmachine.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, does not validate a certain skip operation, which allows remote attackers to execute arbitrary code, obtain sensitive information, or cause a denial of service (out-of-bounds read and application crash) via a crafted Graphite smart font.

Risk Information

Base Score
8.8
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.846

Associated Vulnerability

VulnerabilityOS Platform
Vulnerability CVE-2016-1521 are affected in Mozilla Firefox 42.0Windows
Multiple Vulnerabilities are affected in Mozilla Firefox (x64) 38.1.0Windows
Multiple Vulnerabilities are affected in Mozilla_Firefox 38.1.0Windows
Multiple Vulnerabilities are affected in Mozilla Firefox (x64) 38.0.1Windows
Multiple Vulnerabilities are affected in Mozilla Firefox (x64) 38.0.5Windows
Multiple Vulnerabilities are affected in Mozilla Firefox (x64) 38.1.1Windows
Multiple Vulnerabilities are affected in Mozilla Firefox (x64) 38.2.0Windows
Multiple Vulnerabilities are affected in Mozilla Firefox (x64) 38.2.1Windows
Multiple Vulnerabilities are affected in Mozilla_Firefox 38.0.1Windows
Multiple Vulnerabilities are affected in Mozilla_Firefox 38.0.5Windows
Multiple Vulnerabilities are affected in Mozilla_Firefox 38.1.1Windows
Multiple Vulnerabilities are affected in Mozilla_Firefox 38.2.0Windows
Multiple Vulnerabilities are affected in Mozilla_Firefox 38.2.1Windows
Multiple Vulnerabilities are affected in Mozilla Firefox (x64) 38.3.0Windows
Multiple Vulnerabilities are affected in Mozilla Firefox (x64) 38.4.0Windows
Multiple Vulnerabilities are affected in Mozilla Firefox (x64) 42.0Windows
Multiple Vulnerabilities are affected in Mozilla_Firefox 38.3.0Windows
Multiple Vulnerabilities are affected in Mozilla_Firefox 38.4.0Windows
Multiple Vulnerabilities are affected in Mozilla_Firefox 42.0Windows
Multiple Vulnerabilities are affected in Mozilla Firefox (x64) 38.5.0Windows
Multiple Vulnerabilities are affected in Mozilla Firefox (x64) 38.5.1Windows
Vulnerabilities CVE-2016-1521,CVE-2016-1522,CVE-2016-1523,CVE-2016-1526 are affected in Mozilla Firefox (x64) 38.5.2Windows
Multiple Vulnerabilities are affected in Mozilla Firefox (x64) 38.6.0Windows
Multiple Vulnerabilities are affected in Mozilla_Firefox 38.5.0Windows
Multiple Vulnerabilities are affected in Mozilla_Firefox 38.5.1Windows
Vulnerabilities CVE-2016-1521,CVE-2016-1522,CVE-2016-1523,CVE-2016-1526 are affected in Mozilla_Firefox 38.5.2Windows
Multiple Vulnerabilities are affected in Mozilla_Firefox 38.6.0Windows
Font rendering engine for Complex Scripts (USN-2902-1) libgraphite2-3_1.2.4-1ubuntu1.1_i386.debLinux
Font rendering engine for Complex Scripts (USN-2902-1) libgraphite2-3_1.2.4-1ubuntu1.1_amd64.debLinux
Font rendering engine for Complex Scripts (USN-2902-1) libgraphite2-3_1.2.4-3ubuntu1.1_i386.debLinux
Font rendering engine for Complex Scripts (USN-2902-1) libgraphite2-3_1.2.4-3ubuntu1.1_amd64.debLinux
SUSE-SU-2016:0779-1(SUSE Linux Enterprise Desktop 12 ) graphite2-debuginfo-1.3.1-6.1.x86_64.rpmLinux
SUSE-SU-2016:0779-1(SUSE Linux Enterprise Desktop 12 ) graphite2-debugsource-1.3.1-6.1.x86_64.rpmLinux
SUSE-SU-2016:0779-1(SUSE Linux Enterprise Desktop 12 ) libgraphite2-3-1.3.1-6.1.x86_64.rpmLinux
SUSE-SU-2016:0779-1(SUSE Linux Enterprise Desktop 12 ) libgraphite2-3-32bit-1.3.1-6.1.x86_64.rpmLinux
SUSE-SU-2016:0779-1(SUSE Linux Enterprise Desktop 12 ) libgraphite2-3-debuginfo-1.3.1-6.1.x86_64.rpmLinux
SUSE-SU-2016:0779-1(SUSE Linux Enterprise Desktop 12 ) libgraphite2-3-debuginfo-32bit-1.3.1-6.1.x86_64.rpmLinux

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-343015Mozilla Firefox (132.0.2)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234