Upstream information

CVE-2016-1523 at MITRE

Description

The SillMap::readFace function in FeatureMap.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, mishandles a return value, which allows remote attackers to cause a denial of service (missing initialization, NULL pointer dereference, and application crash) via a crafted Graphite smart font.

SUSE information

CVSS v2 Scores (National Vulnerability Database)
  • Base Score: 4.30
  • Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
  • Access Vector: Network
  • Access Complexity: Medium
  • Authentication: None
  • Confidentiality Impact: None
  • Integrity Impact: None
  • Availability Impact: Partial

CVSS v3 Scores (National Vulnerability Database)
  • Base Score: 6.5
  • Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  • Access Vector: Network
  • Access Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Unchanged
  • Confidentiality Impact: None
  • Integrity Impact: None
  • Availability Impact: High

SUSE Bugzilla entries: 965803 [RESOLVED / FIXED], 965806 [RESOLVED / FIXED], 965807 [RESOLVED / FIXED], 965810 [RESOLVED / FIXED], 967087 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Desktop 11 SP4
  • MozillaFirefox >= 38.6.1esr-34.1
  • MozillaFirefox-translations >= 38.6.1esr-34.1
Patchnames:
sledsp4-MozillaFirefox-12416
SUSE Linux Enterprise Desktop 12
  • MozillaFirefox >= 38.6.1esr-60.1
  • MozillaFirefox-translations >= 38.6.1esr-60.1
  • graphite2 >= 1.3.1-6.1
  • libgraphite2-3 >= 1.3.1-6.1
  • libgraphite2-3-32bit >= 1.3.1-6.1
Patchnames:
SUSE-SLE-DESKTOP-12-2016-307
SUSE-SLE-DESKTOP-12-2016-456
SUSE Linux Enterprise Desktop 12 SP1
  • MozillaFirefox >= 38.6.1esr-60.1
  • MozillaFirefox-translations >= 38.6.1esr-60.1
  • graphite2 >= 1.3.1-6.1
  • libgraphite2-3 >= 1.3.1-6.1
  • libgraphite2-3-32bit >= 1.3.1-6.1
Patchnames:
SUSE-SLE-DESKTOP-12-SP1-2016-307
SUSE-SLE-DESKTOP-12-SP1-2016-456
SUSE Linux Enterprise Desktop 12 SP2
  • MozillaFirefox >= 45.4.0esr-81.1
  • MozillaFirefox-translations >= 45.4.0esr-81.1
  • libgraphite2-3 >= 1.3.1-6.1
  • libgraphite2-3-32bit >= 1.3.1-6.1
Patchnames:
SUSE Linux Enterprise Desktop 12 SP2 GA MozillaFirefox
SUSE Linux Enterprise Desktop 12 SP2 GA libgraphite2-3
SUSE Linux Enterprise Server 11 SP2-LTSS
  • MozillaFirefox >= 38.6.1esr-33.1
  • MozillaFirefox-branding-SLED >= 38-15.58
  • MozillaFirefox-translations >= 38.6.1esr-33.1
  • libfreebl3 >= 3.20.2-17.5
  • libfreebl3-32bit >= 3.20.2-17.5
  • mozilla-nss >= 3.20.2-17.5
  • mozilla-nss-32bit >= 3.20.2-17.5
  • mozilla-nss-devel >= 3.20.2-17.5
  • mozilla-nss-tools >= 3.20.2-17.5
Patchnames:
slessp2-mozilla-12419
SUSE Linux Enterprise Server 11 SP4
  • MozillaFirefox >= 38.6.1esr-34.1
  • MozillaFirefox-translations >= 38.6.1esr-34.1
Patchnames:
slessp4-MozillaFirefox-12416
SUSE Linux Enterprise Server 12
  • MozillaFirefox >= 38.6.1esr-60.1
  • MozillaFirefox-translations >= 38.6.1esr-60.1
  • graphite2 >= 1.3.1-6.1
  • libgraphite2-3 >= 1.3.1-6.1
  • libgraphite2-3-32bit >= 1.3.1-6.1
Patchnames:
SUSE-SLE-SERVER-12-2016-307
SUSE-SLE-SERVER-12-2016-456
SUSE Linux Enterprise Server 12 SP1
  • MozillaFirefox >= 38.6.1esr-60.1
  • MozillaFirefox-translations >= 38.6.1esr-60.1
  • graphite2 >= 1.3.1-6.1
  • libgraphite2-3 >= 1.3.1-6.1
  • libgraphite2-3-32bit >= 1.3.1-6.1
Patchnames:
SUSE-SLE-SERVER-12-SP1-2016-307
SUSE-SLE-SERVER-12-SP1-2016-456
SUSE Linux Enterprise Server 12 SP2
  • MozillaFirefox >= 45.4.0esr-81.1
  • MozillaFirefox-translations >= 45.4.0esr-81.1
  • libgraphite2-3 >= 1.3.1-6.1
  • libgraphite2-3-32bit >= 1.3.1-6.1
Patchnames:
SUSE Linux Enterprise Server 12 SP2 GA MozillaFirefox
SUSE Linux Enterprise Server 12 SP2 GA libgraphite2-3
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
  • MozillaFirefox >= 45.4.0esr-81.1
  • MozillaFirefox-translations >= 45.4.0esr-81.1
  • libgraphite2-3 >= 1.3.1-6.1
Patchnames:
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 GA MozillaFirefox
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 GA libgraphite2-3
SUSE Linux Enterprise Software Development Kit 11 SP4
  • MozillaFirefox >= 38.6.1esr-34.1
  • MozillaFirefox-devel >= 38.6.1esr-34.1
Patchnames:
sdksp4-MozillaFirefox-12416
SUSE Linux Enterprise Software Development Kit 12
  • MozillaFirefox >= 38.6.1esr-60.1
  • MozillaFirefox-devel >= 38.6.1esr-60.1
  • graphite2 >= 1.3.1-6.1
  • graphite2-devel >= 1.3.1-6.1
Patchnames:
SUSE-SLE-SDK-12-2016-307
SUSE-SLE-SDK-12-2016-456
SUSE Linux Enterprise Software Development Kit 12 SP1
  • MozillaFirefox >= 38.6.1esr-60.1
  • MozillaFirefox-devel >= 38.6.1esr-60.1
  • graphite2 >= 1.3.1-6.1
  • graphite2-devel >= 1.3.1-6.1
Patchnames:
SUSE-SLE-SDK-12-SP1-2016-307
SUSE-SLE-SDK-12-SP1-2016-456
SUSE Linux Enterprise Software Development Kit 12 SP2
  • MozillaFirefox-devel >= 45.4.0esr-81.1
  • graphite2-devel >= 1.3.1-6.1
Patchnames:
SUSE Linux Enterprise Software Development Kit 12 SP2 GA MozillaFirefox-devel
SUSE Linux Enterprise Software Development Kit 12 SP2 GA graphite2-devel
openSUSE 13.2
  • graphite2 >= 1.2.4-2.4.1
  • graphite2-debuginfo >= 1.2.4-2.4.1
  • graphite2-debugsource >= 1.2.4-2.4.1
  • graphite2-devel >= 1.2.4-2.4.1
  • libgraphite2-3 >= 1.2.4-2.4.1
  • libgraphite2-3-32bit >= 1.2.4-2.4.1
  • libgraphite2-3-debuginfo >= 1.2.4-2.4.1
  • libgraphite2-3-debuginfo-32bit >= 1.2.4-2.4.1
Patchnames:
openSUSE-2016-349
openSUSE Leap 42.1
  • graphite2 >= 1.3.1-3.1
  • graphite2-debuginfo >= 1.3.1-3.1
  • graphite2-debugsource >= 1.3.1-3.1
  • graphite2-devel >= 1.3.1-3.1
  • libgraphite2-3 >= 1.3.1-3.1
  • libgraphite2-3-32bit >= 1.3.1-3.1
  • libgraphite2-3-debuginfo >= 1.3.1-3.1
  • libgraphite2-3-debuginfo-32bit >= 1.3.1-3.1
Patchnames:
openSUSE-2016-389
openSUSE Leap 42.2
  • graphite2-devel >= 1.3.1-3.6
  • libgraphite2-3 >= 1.3.1-3.6
  • libgraphite2-3-32bit >= 1.3.1-3.6
Patchnames:
openSUSE Leap 42.2 GA graphite2-devel