A vulnerability has been discovered in Graphite2. An attacker able to trick an unsuspecting user into opening specially crafted font files in an application using Graphite2 could exploit these flaws to cause the application to crash or, potentially, execute arbitrary code with the privileges of the application.
Find out more about CVE-2016-1523 from the MITRE CVE dictionary dictionary and NIST NVD.
| Base Score | 6.8 |
|---|---|
| Base Metrics | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| Access Vector | Network |
| Access Complexity | Medium |
| Authentication | None |
| Confidentiality Impact | Partial |
| Integrity Impact | Partial |
| Availability Impact | Partial |
Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).
| Platform | Errata | Release Date |
|---|---|---|
| Red Hat Enterprise Linux 7 (graphite2) | RHSA-2016:0594 | 2016-04-05 |
| Red Hat Enterprise Linux 5 (firefox) | RHSA-2016:0197 | 2016-02-16 |
| Red Hat Enterprise Linux Optional Productivity Applications (v. 5 server) (thunderbird) | RHSA-2016:0258 | 2016-02-18 |
| Red Hat Enterprise Linux 7 (firefox) | RHSA-2016:0197 | 2016-02-16 |
| Red Hat Enterprise Linux 6 (thunderbird) | RHSA-2016:0258 | 2016-02-18 |
| Red Hat Enterprise Linux 5 (thunderbird) | RHSA-2016:0258 | 2016-02-18 |
| Red Hat Enterprise Linux 7 (thunderbird) | RHSA-2016:0258 | 2016-02-18 |
| Red Hat Enterprise Linux 6 (firefox) | RHSA-2016:0197 | 2016-02-16 |
Vulmon