CVE-2016-2795

Upstream information

CVE-2016-2795 at MITRE

Description

The graphite2::FileFace::get_table_fn function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, does not initialize memory for an unspecified data structure, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted Graphite smart font.

SUSE information

CVSS v2 Scores
	National Vulnerability Database
Base Score	6.82
Vector	AV:N/AC:M/Au:N/C:P/I:P/A:P
Access Vector	Network
Access Complexity	Medium
Authentication	None
Confidentiality Impact	Partial
Integrity Impact	Partial
Availability Impact	Partial

CVSS v3 Scores
	National Vulnerability Database
Base Score	8.8
Vector	AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Access Vector	Network
Access Complexity	Low
Privileges Required	None
User Interaction	Required
Scope	Unchanged
Confidentiality Impact	High
Integrity Impact	High
Availability Impact	High

No SUSE Bugzilla entries cross referenced.

SUSE Security Advisories:

SUSE-SU-2016:0727-1, published Fri, 11 Mar 2016 20:11:56 +0100 (CET)
SUSE-SU-2016:0777-1, published Tue, 15 Mar 2016 19:12:14 +0100 (CET)
SUSE-SU-2016:0909-1, published Wed, 30 Mar 2016 15:07:52 +0200 (CEST)
openSUSE-SU-2016:0731-1, published Sat, 12 Mar 2016 00:12:33 +0100 (CET)
openSUSE-SU-2016:0733-1, published Sat, 12 Mar 2016 13:12:05 +0100 (CET)
openSUSE-SU-2016:0876-1, published Thu, 24 Mar 2016 15:09:11 +0100 (CET)
openSUSE-SU-2016:0894-1, published Sat, 26 Mar 2016 17:08:36 +0100 (CET)
openSUSE-SU-2016:1767-1, published Sun, 10 Jul 2016 16:08:00 +0200 (CEST)
openSUSE-SU-2016:1769-1, published Mon, 11 Jul 2016 00:08:02 +0200 (CEST)
openSUSE-SU-2016:1778-1, published Mon, 11 Jul 2016 00:13:17 +0200 (CEST)

List of released packages

Product(s)	Fixed package version(s)	References
SUSE Linux Enterprise Desktop 11 SP4	`MozillaFirefox >= 38.7.0esr-37.3` `MozillaFirefox-translations >= 38.7.0esr-37.3` `libfreebl3 >= 3.20.2-28.1` `libfreebl3-32bit >= 3.20.2-28.1` `libsoftokn3 >= 3.20.2-28.1` `libsoftokn3-32bit >= 3.20.2-28.1` `mozilla-nspr >= 4.12-24.1` `mozilla-nspr-32bit >= 4.12-24.1` `mozilla-nss >= 3.20.2-28.1` `mozilla-nss-32bit >= 3.20.2-28.1` `mozilla-nss-tools >= 3.20.2-28.1`	Patchnames: sledsp4-MozillaFirefox-20160309-12458
SUSE Linux Enterprise Desktop 12	`MozillaFirefox >= 38.7.0esr-63.3` `MozillaFirefox-translations >= 38.7.0esr-63.3` `libfreebl3 >= 3.20.2-40.1` `libfreebl3-32bit >= 3.20.2-40.1` `libsoftokn3 >= 3.20.2-40.1` `libsoftokn3-32bit >= 3.20.2-40.1` `mozilla-nspr >= 4.12-12.1` `mozilla-nspr-32bit >= 4.12-12.1` `mozilla-nss >= 3.20.2-40.1` `mozilla-nss-32bit >= 3.20.2-40.1` `mozilla-nss-certs >= 3.20.2-40.1` `mozilla-nss-certs-32bit >= 3.20.2-40.1` `mozilla-nss-sysinit >= 3.20.2-40.1` `mozilla-nss-sysinit-32bit >= 3.20.2-40.1` `mozilla-nss-tools >= 3.20.2-40.1`	Patchnames: SUSE-SLE-DESKTOP-12-2016-419
SUSE Linux Enterprise Desktop 12 SP1	`MozillaFirefox >= 38.7.0esr-63.3` `MozillaFirefox-translations >= 38.7.0esr-63.3` `libfreebl3 >= 3.20.2-40.1` `libfreebl3-32bit >= 3.20.2-40.1` `libsoftokn3 >= 3.20.2-40.1` `libsoftokn3-32bit >= 3.20.2-40.1` `mozilla-nspr >= 4.12-12.1` `mozilla-nspr-32bit >= 4.12-12.1` `mozilla-nss >= 3.20.2-40.1` `mozilla-nss-32bit >= 3.20.2-40.1` `mozilla-nss-certs >= 3.20.2-40.1` `mozilla-nss-certs-32bit >= 3.20.2-40.1` `mozilla-nss-sysinit >= 3.20.2-40.1` `mozilla-nss-sysinit-32bit >= 3.20.2-40.1` `mozilla-nss-tools >= 3.20.2-40.1`	Patchnames: SUSE-SLE-DESKTOP-12-SP1-2016-419
SUSE Linux Enterprise Desktop 12 SP2	`MozillaFirefox >= 45.4.0esr-81.1` `MozillaFirefox-translations >= 45.4.0esr-81.1`	Patchnames: SUSE Linux Enterprise Desktop 12 SP2 GA MozillaFirefox
SUSE Linux Enterprise Server 11 SP2-LTSS	`MozillaFirefox >= 38.7.0esr-36.3` `MozillaFirefox-translations >= 38.7.0esr-36.3` `libfreebl3 >= 3.20.2-20.1` `libfreebl3-32bit >= 3.20.2-20.1` `mozilla-nspr >= 4.12-19.1` `mozilla-nspr-32bit >= 4.12-19.1` `mozilla-nspr-devel >= 4.12-19.1` `mozilla-nss >= 3.20.2-20.1` `mozilla-nss-32bit >= 3.20.2-20.1` `mozilla-nss-devel >= 3.20.2-20.1` `mozilla-nss-tools >= 3.20.2-20.1`	Patchnames: slessp2-firefox-20160310-12483
SUSE Linux Enterprise Server 11 SP3-LTSS	`MozillaFirefox >= 38.7.0esr-37.3` `MozillaFirefox-translations >= 38.7.0esr-37.3` `libfreebl3 >= 3.20.2-28.1` `libfreebl3-32bit >= 3.20.2-28.1` `libsoftokn3 >= 3.20.2-28.1` `libsoftokn3-32bit >= 3.20.2-28.1` `mozilla-nspr >= 4.12-24.1` `mozilla-nspr-32bit >= 4.12-24.1` `mozilla-nss >= 3.20.2-28.1` `mozilla-nss-32bit >= 3.20.2-28.1` `mozilla-nss-tools >= 3.20.2-28.1`	Patchnames: slessp3-MozillaFirefox-20160309-12458
SUSE Linux Enterprise Server 11 SP4	`MozillaFirefox >= 38.7.0esr-37.3` `MozillaFirefox-translations >= 38.7.0esr-37.3` `libfreebl3 >= 3.20.2-28.1` `libfreebl3-32bit >= 3.20.2-28.1` `libfreebl3-x86 >= 3.20.2-28.1` `libsoftokn3 >= 3.20.2-28.1` `libsoftokn3-32bit >= 3.20.2-28.1` `libsoftokn3-x86 >= 3.20.2-28.1` `mozilla-nspr >= 4.12-24.1` `mozilla-nspr-32bit >= 4.12-24.1` `mozilla-nspr-x86 >= 4.12-24.1` `mozilla-nss >= 3.20.2-28.1` `mozilla-nss-32bit >= 3.20.2-28.1` `mozilla-nss-tools >= 3.20.2-28.1` `mozilla-nss-x86 >= 3.20.2-28.1`	Patchnames: slessp4-MozillaFirefox-20160309-12458
SUSE Linux Enterprise Server 12	`MozillaFirefox >= 38.7.0esr-63.3` `MozillaFirefox-translations >= 38.7.0esr-63.3` `libfreebl3 >= 3.20.2-40.1` `libfreebl3-32bit >= 3.20.2-40.1` `libfreebl3-hmac >= 3.20.2-40.1` `libfreebl3-hmac-32bit >= 3.20.2-40.1` `libsoftokn3 >= 3.20.2-40.1` `libsoftokn3-32bit >= 3.20.2-40.1` `libsoftokn3-hmac >= 3.20.2-40.1` `libsoftokn3-hmac-32bit >= 3.20.2-40.1` `mozilla-nspr >= 4.12-12.1` `mozilla-nspr-32bit >= 4.12-12.1` `mozilla-nss >= 3.20.2-40.1` `mozilla-nss-32bit >= 3.20.2-40.1` `mozilla-nss-certs >= 3.20.2-40.1` `mozilla-nss-certs-32bit >= 3.20.2-40.1` `mozilla-nss-sysinit >= 3.20.2-40.1` `mozilla-nss-sysinit-32bit >= 3.20.2-40.1` `mozilla-nss-tools >= 3.20.2-40.1`	Patchnames: SUSE-SLE-SERVER-12-2016-419
SUSE Linux Enterprise Server 12 SP1	`MozillaFirefox >= 38.7.0esr-63.3` `MozillaFirefox-translations >= 38.7.0esr-63.3` `libfreebl3 >= 3.20.2-40.1` `libfreebl3-32bit >= 3.20.2-40.1` `libfreebl3-hmac >= 3.20.2-40.1` `libfreebl3-hmac-32bit >= 3.20.2-40.1` `libsoftokn3 >= 3.20.2-40.1` `libsoftokn3-32bit >= 3.20.2-40.1` `libsoftokn3-hmac >= 3.20.2-40.1` `libsoftokn3-hmac-32bit >= 3.20.2-40.1` `mozilla-nspr >= 4.12-12.1` `mozilla-nspr-32bit >= 4.12-12.1` `mozilla-nss >= 3.20.2-40.1` `mozilla-nss-32bit >= 3.20.2-40.1` `mozilla-nss-certs >= 3.20.2-40.1` `mozilla-nss-certs-32bit >= 3.20.2-40.1` `mozilla-nss-sysinit >= 3.20.2-40.1` `mozilla-nss-sysinit-32bit >= 3.20.2-40.1` `mozilla-nss-tools >= 3.20.2-40.1`	Patchnames: SUSE-SLE-SERVER-12-SP1-2016-419
SUSE Linux Enterprise Server 12 SP2	`MozillaFirefox >= 45.4.0esr-81.1` `MozillaFirefox-translations >= 45.4.0esr-81.1`	Patchnames: SUSE Linux Enterprise Server 12 SP2 GA MozillaFirefox
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2	`MozillaFirefox >= 45.4.0esr-81.1` `MozillaFirefox-translations >= 45.4.0esr-81.1`	Patchnames: SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 GA MozillaFirefox
SUSE Linux Enterprise Software Development Kit 11 SP4	`MozillaFirefox >= 38.7.0esr-37.3` `MozillaFirefox-devel >= 38.7.0esr-37.3` `mozilla-nspr >= 4.12-24.1` `mozilla-nspr-devel >= 4.12-24.1` `mozilla-nss >= 3.20.2-28.1` `mozilla-nss-devel >= 3.20.2-28.1`	Patchnames: sdksp4-MozillaFirefox-20160309-12458
SUSE Linux Enterprise Software Development Kit 12	`MozillaFirefox >= 38.7.0esr-63.3` `MozillaFirefox-devel >= 38.7.0esr-63.3` `mozilla-nspr >= 4.12-12.1` `mozilla-nspr-devel >= 4.12-12.1` `mozilla-nss >= 3.20.2-40.1` `mozilla-nss-devel >= 3.20.2-40.1`	Patchnames: SUSE-SLE-SDK-12-2016-419
SUSE Linux Enterprise Software Development Kit 12 SP1	`MozillaFirefox >= 38.7.0esr-63.3` `MozillaFirefox-devel >= 38.7.0esr-63.3` `mozilla-nspr >= 4.12-12.1` `mozilla-nspr-devel >= 4.12-12.1` `mozilla-nss >= 3.20.2-40.1` `mozilla-nss-devel >= 3.20.2-40.1`	Patchnames: SUSE-SLE-SDK-12-SP1-2016-419
SUSE Linux Enterprise Software Development Kit 12 SP2	`MozillaFirefox-devel >= 45.4.0esr-81.1`	Patchnames: SUSE Linux Enterprise Software Development Kit 12 SP2 GA MozillaFirefox-devel
SUSE Linux Enterprise Server 10 SP4 LTSS for x86	`MozillaFirefox >= 38.7.0esr-0.5.1` `MozillaFirefox-translations >= 38.7.0esr-0.5.1` `mozilla-nspr >= 4.12-0.5.1` `mozilla-nspr-devel >= 4.12-0.5.1` `mozilla-nss >= 3.20.2-0.7.2` `mozilla-nss-devel >= 3.20.2-0.7.2` `mozilla-nss-tools >= 3.20.2-0.7.2`	Builds ZYPP Patch Nr: 9244
SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit	`MozillaFirefox >= 38.7.0esr-0.5.1` `MozillaFirefox-translations >= 38.7.0esr-0.5.1` `mozilla-nspr >= 4.12-0.5.1` `mozilla-nspr-32bit >= 4.12-0.5.1` `mozilla-nspr-devel >= 4.12-0.5.1` `mozilla-nss >= 3.20.2-0.7.2` `mozilla-nss-32bit >= 3.20.2-0.7.2` `mozilla-nss-devel >= 3.20.2-0.7.2` `mozilla-nss-tools >= 3.20.2-0.7.2`	Builds ZYPP Patch Nr: 9244
openSUSE 13.1	`MozillaFirefox >= 45.0-109.1` `MozillaFirefox-branding-upstream >= 45.0-109.1` `MozillaFirefox-buildsymbols >= 45.0-109.1` `MozillaFirefox-debuginfo >= 45.0-109.1` `MozillaFirefox-debugsource >= 45.0-109.1` `MozillaFirefox-devel >= 45.0-109.1` `MozillaFirefox-translations-common >= 45.0-109.1` `MozillaFirefox-translations-other >= 45.0-109.1` `MozillaThunderbird >= 45.2-70.83.1` `MozillaThunderbird-buildsymbols >= 45.2-70.83.1` `MozillaThunderbird-debuginfo >= 45.2-70.83.1` `MozillaThunderbird-debugsource >= 45.2-70.83.1` `MozillaThunderbird-devel >= 45.2-70.83.1` `MozillaThunderbird-translations-common >= 45.2-70.83.1` `MozillaThunderbird-translations-other >= 45.2-70.83.1` `libfreebl3 >= 3.21.1-74.1` `libfreebl3-32bit >= 3.21.1-74.1` `libfreebl3-debuginfo >= 3.21.1-74.1` `libfreebl3-debuginfo-32bit >= 3.21.1-74.1` `libsoftokn3 >= 3.21.1-74.1` `libsoftokn3-32bit >= 3.21.1-74.1` `libsoftokn3-debuginfo >= 3.21.1-74.1` `libsoftokn3-debuginfo-32bit >= 3.21.1-74.1` `mozilla-nspr >= 4.12-34.1` `mozilla-nspr-32bit >= 4.12-34.1` `mozilla-nspr-debuginfo >= 4.12-34.1` `mozilla-nspr-debuginfo-32bit >= 4.12-34.1` `mozilla-nspr-debugsource >= 4.12-34.1` `mozilla-nspr-devel >= 4.12-34.1` `mozilla-nss >= 3.21.1-74.1` `mozilla-nss-32bit >= 3.21.1-74.1` `mozilla-nss-certs >= 3.21.1-74.1` `mozilla-nss-certs-32bit >= 3.21.1-74.1` `mozilla-nss-certs-debuginfo >= 3.21.1-74.1` `mozilla-nss-certs-debuginfo-32bit >= 3.21.1-74.1` `mozilla-nss-debuginfo >= 3.21.1-74.1` `mozilla-nss-debuginfo-32bit >= 3.21.1-74.1` `mozilla-nss-debugsource >= 3.21.1-74.1` `mozilla-nss-devel >= 3.21.1-74.1` `mozilla-nss-sysinit >= 3.21.1-74.1` `mozilla-nss-sysinit-32bit >= 3.21.1-74.1` `mozilla-nss-sysinit-debuginfo >= 3.21.1-74.1` `mozilla-nss-sysinit-debuginfo-32bit >= 3.21.1-74.1` `mozilla-nss-tools >= 3.21.1-74.1` `mozilla-nss-tools-debuginfo >= 3.21.1-74.1`	Patchnames: 2016-334 2016-402 2016-848
openSUSE 13.2	`MozillaFirefox >= 45.0-65.1` `MozillaFirefox-branding-upstream >= 45.0-65.1` `MozillaFirefox-buildsymbols >= 45.0-65.1` `MozillaFirefox-debuginfo >= 45.0-65.1` `MozillaFirefox-debugsource >= 45.0-65.1` `MozillaFirefox-devel >= 45.0-65.1` `MozillaFirefox-translations-common >= 45.0-65.1` `MozillaFirefox-translations-other >= 45.0-65.1` `MozillaThunderbird >= 45.2-43.1` `MozillaThunderbird-buildsymbols >= 45.2-43.1` `MozillaThunderbird-debuginfo >= 45.2-43.1` `MozillaThunderbird-debugsource >= 45.2-43.1` `MozillaThunderbird-devel >= 45.2-43.1` `MozillaThunderbird-translations-common >= 45.2-43.1` `MozillaThunderbird-translations-other >= 45.2-43.1` `libfreebl3 >= 3.21.1-28.1` `libfreebl3-32bit >= 3.21.1-28.1` `libfreebl3-debuginfo >= 3.21.1-28.1` `libfreebl3-debuginfo-32bit >= 3.21.1-28.1` `libsoftokn3 >= 3.21.1-28.1` `libsoftokn3-32bit >= 3.21.1-28.1` `libsoftokn3-debuginfo >= 3.21.1-28.1` `libsoftokn3-debuginfo-32bit >= 3.21.1-28.1` `mozilla-nspr >= 4.12-15.1` `mozilla-nspr-32bit >= 4.12-15.1` `mozilla-nspr-debuginfo >= 4.12-15.1` `mozilla-nspr-debuginfo-32bit >= 4.12-15.1` `mozilla-nspr-debugsource >= 4.12-15.1` `mozilla-nspr-devel >= 4.12-15.1` `mozilla-nss >= 3.21.1-28.1` `mozilla-nss-32bit >= 3.21.1-28.1` `mozilla-nss-certs >= 3.21.1-28.1` `mozilla-nss-certs-32bit >= 3.21.1-28.1` `mozilla-nss-certs-debuginfo >= 3.21.1-28.1` `mozilla-nss-certs-debuginfo-32bit >= 3.21.1-28.1` `mozilla-nss-debuginfo >= 3.21.1-28.1` `mozilla-nss-debuginfo-32bit >= 3.21.1-28.1` `mozilla-nss-debugsource >= 3.21.1-28.1` `mozilla-nss-devel >= 3.21.1-28.1` `mozilla-nss-sysinit >= 3.21.1-28.1` `mozilla-nss-sysinit-32bit >= 3.21.1-28.1` `mozilla-nss-sysinit-debuginfo >= 3.21.1-28.1` `mozilla-nss-sysinit-debuginfo-32bit >= 3.21.1-28.1` `mozilla-nss-tools >= 3.21.1-28.1` `mozilla-nss-tools-debuginfo >= 3.21.1-28.1`	Patchnames: openSUSE-2016-332 openSUSE-2016-395 openSUSE-2016-851
openSUSE Leap 42.1	`MozillaFirefox >= 45.0-18.1` `MozillaFirefox-branding-upstream >= 45.0-18.1` `MozillaFirefox-buildsymbols >= 45.0-18.1` `MozillaFirefox-debuginfo >= 45.0-18.1` `MozillaFirefox-debugsource >= 45.0-18.1` `MozillaFirefox-devel >= 45.0-18.1` `MozillaFirefox-translations-common >= 45.0-18.1` `MozillaFirefox-translations-other >= 45.0-18.1` `MozillaThunderbird >= 45.2-16.1` `MozillaThunderbird-buildsymbols >= 45.2-16.1` `MozillaThunderbird-debuginfo >= 45.2-16.1` `MozillaThunderbird-debugsource >= 45.2-16.1` `MozillaThunderbird-devel >= 45.2-16.1` `MozillaThunderbird-translations-common >= 45.2-16.1` `MozillaThunderbird-translations-other >= 45.2-16.1` `libfreebl3 >= 3.21.1-12.1` `libfreebl3-32bit >= 3.21.1-12.1` `libfreebl3-debuginfo >= 3.21.1-12.1` `libfreebl3-debuginfo-32bit >= 3.21.1-12.1` `libsoftokn3 >= 3.21.1-12.1` `libsoftokn3-32bit >= 3.21.1-12.1` `libsoftokn3-debuginfo >= 3.21.1-12.1` `libsoftokn3-debuginfo-32bit >= 3.21.1-12.1` `mozilla-nspr >= 4.12-10.1` `mozilla-nspr-32bit >= 4.12-10.1` `mozilla-nspr-debuginfo >= 4.12-10.1` `mozilla-nspr-debuginfo-32bit >= 4.12-10.1` `mozilla-nspr-debugsource >= 4.12-10.1` `mozilla-nspr-devel >= 4.12-10.1` `mozilla-nss >= 3.21.1-12.1` `mozilla-nss-32bit >= 3.21.1-12.1` `mozilla-nss-certs >= 3.21.1-12.1` `mozilla-nss-certs-32bit >= 3.21.1-12.1` `mozilla-nss-certs-debuginfo >= 3.21.1-12.1` `mozilla-nss-certs-debuginfo-32bit >= 3.21.1-12.1` `mozilla-nss-debuginfo >= 3.21.1-12.1` `mozilla-nss-debuginfo-32bit >= 3.21.1-12.1` `mozilla-nss-debugsource >= 3.21.1-12.1` `mozilla-nss-devel >= 3.21.1-12.1` `mozilla-nss-sysinit >= 3.21.1-12.1` `mozilla-nss-sysinit-32bit >= 3.21.1-12.1` `mozilla-nss-sysinit-debuginfo >= 3.21.1-12.1` `mozilla-nss-sysinit-debuginfo-32bit >= 3.21.1-12.1` `mozilla-nss-tools >= 3.21.1-12.1` `mozilla-nss-tools-debuginfo >= 3.21.1-12.1`	Patchnames: openSUSE-2016-332 openSUSE-2016-395 openSUSE-2016-851
openSUSE Leap 42.2	`MozillaFirefox >= 49.0.2-37.1` `MozillaFirefox-translations-common >= 49.0.2-37.1` `MozillaThunderbird >= 45.4.0-23.1` `MozillaThunderbird-translations-common >= 45.4.0-23.1`	Patchnames: openSUSE Leap 42.2 GA MozillaFirefox openSUSE Leap 42.2 GA MozillaThunderbird
openSUSE Tumbleweed	`MozillaFirefox >= 50.1.0-1.1` `MozillaFirefox-branding-upstream >= 50.1.0-1.1` `MozillaFirefox-buildsymbols >= 50.1.0-1.1` `MozillaFirefox-devel >= 50.1.0-1.1` `MozillaFirefox-translations-common >= 50.1.0-1.1` `MozillaFirefox-translations-other >= 50.1.0-1.1` `MozillaThunderbird >= 45.5.1-1.1` `MozillaThunderbird-buildsymbols >= 45.5.1-1.1` `MozillaThunderbird-devel >= 45.5.1-1.1` `MozillaThunderbird-translations-common >= 45.5.1-1.1` `MozillaThunderbird-translations-other >= 45.5.1-1.1`	Patchnames: openSUSE Tumbleweed GA MozillaFirefox openSUSE Tumbleweed GA MozillaThunderbird