1317560 – (CVE-2016-1969) CVE-2016-1969 mozilla: out-of-bounds write with malicious font in graphite2 (MFSA 2016-38)

Bug 1317560 (CVE-2016-1969) - CVE-2016-1969 mozilla: out-of-bounds write with malicious font in graphite2 (MFSA 2016-38)

Summary: CVE-2016-1969 mozilla: out-of-bounds write with malicious font in graphite2 (...

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2016-1969
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	1308507
TreeView+	depends on / blocked

Reported:	2016-03-14 14:48 UTC by Andrej Nemec
Modified:	2021-02-17 04:10 UTC (History)
CC List:	4 users (show)
Fixed In Version:	Firefox 45, Firefox ESR 38.6.1
Clone Of:
Environment:
Last Closed:	2016-03-28 05:20:27 UTC
Embargoed:

Attachments	(Terms of Use)

Description Andrej Nemec 2016-03-14 14:48:30 UTC

Security researcher James Clawson used the Address Sanitizer tool to discover an out-of-bounds write in the Graphite 2 library when loading a crafted Graphite font file. This results in a potentially exploitable crash.

External references:

https://www.mozilla.org/en-US/security/advisories/mfsa2016-38/

Comment 1 Huzaifa S. Sidhpurwala 2016-03-28 05:20:27 UTC

This security flaw was addressed in the following Firefox update:

https://rhn.redhat.com/errata/RHSA-2016-0197.html

Note You need to log in before you can comment on or make changes to this bug.