FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

graphite2 -- multiple vulnerabilities

Affected packages
graphite2 < 1.3.6
linux-firefox < 45.0,1
linux-thunderbird < 38.7.0
linux-seamonkey < 2.42

Details

VuXML ID adffe823-e692-4921-ae9c-0b825c218372
Discovery 2016-03-08
Entry 2016-03-08
Modified 2016-03-14

Mozilla Foundation reports:

Security researcher Holger Fuhrmannek and Mozilla security engineer Tyson Smith reported a number of security vulnerabilities in the Graphite 2 library affecting version 1.3.5. The issue reported by Holger Fuhrmannek is a mechanism to induce stack corruption with a malicious graphite font. This leads to a potentially exploitable crash when the font is loaded. Tyson Smith used the Address Sanitizer tool in concert with a custom software fuzzer to find a series of uninitialized memory, out-of-bounds read, and out-of-bounds write errors when working with fuzzed graphite fonts.

Security researcher James Clawson used the Address Sanitizer tool to discover an out-of-bounds write in the Graphite 2 library when loading a crafted Graphite font file. This results in a potentially exploitable crash.

References

CVE Name CVE-2016-1969
CVE Name CVE-2016-1977
CVE Name CVE-2016-2790
CVE Name CVE-2016-2791
CVE Name CVE-2016-2792
CVE Name CVE-2016-2793
CVE Name CVE-2016-2794
CVE Name CVE-2016-2795
CVE Name CVE-2016-2796
CVE Name CVE-2016-2797
CVE Name CVE-2016-2798
CVE Name CVE-2016-2799
CVE Name CVE-2016-2800
CVE Name CVE-2016-2801
CVE Name CVE-2016-2802
URL https://www.mozilla.org/security/advisories/mfsa2016-37/
URL https://www.mozilla.org/security/advisories/mfsa2016-38/