The SillMap::readFace function in FeatureMap.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, mishandles a return value, which allows remote attackers to cause a denial of service (missing initialization, NULL pointer dereference, and application crash) via a crafted Graphite smart font.
2016-02-13T02:59:08.900
2025-04-12T10:46:40.837
Deferred
CVSSv3.0: 6.5 (MEDIUM)
AV:N/AC:M/Au:N/C:N/I:N/A:P
8.6
2.9
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Operating System | fedoraproject | fedora | 22 | Yes |
| Operating System | fedoraproject | fedora | 23 | Yes |
| Application | mozilla | firefox | 38.0 | Yes |
| Application | mozilla | firefox | 38.0.1 | Yes |
| Application | mozilla | firefox | 38.0.5 | Yes |
| Application | mozilla | firefox | 38.1.0 | Yes |
| Application | mozilla | firefox | 38.1.1 | Yes |
| Application | mozilla | firefox | 38.2.0 | Yes |
| Application | mozilla | firefox | 38.2.1 | Yes |
| Application | mozilla | firefox | 38.3.0 | Yes |
| Application | mozilla | firefox | 38.4.0 | Yes |
| Application | mozilla | firefox | 38.5.0 | Yes |
| Application | mozilla | firefox | 38.5.1 | Yes |
| Application | mozilla | firefox | 38.5.2 | Yes |
| Application | mozilla | firefox | 38.6.0 | Yes |
| Application | mozilla | thunderbird | ≤ 38.5.1 | Yes |
| Application | sil | graphite2 | 1.2.4 | Yes |
| Operating System | debian | debian_linux | 7.0 | Yes |
| Operating System | debian | debian_linux | 8.0 | Yes |