The graphite2::TtfUtil::GetTableInfo function in Graphite 2 prior to 1.3.6, as used in Mozilla Firefox prior to 45.0 and Firefox ESR 38.x prior to 38.7, does not initialize memory for an unspecified data structure, which allows remote malicious users to cause a denial of service or possibly have unknown other impact via a crafted Graphite smart font.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
suse linux enterprise 12.0 |
||
opensuse opensuse 13.2 |
||
opensuse leap 42.1 |
||
opensuse opensuse 13.1 |
||
mozilla firefox |
||
mozilla firefox esr 38.6.1 |
||
mozilla firefox esr 38.2.0 |
||
mozilla firefox esr 38.1.1 |
||
mozilla firefox esr 38.6.0 |
||
mozilla firefox esr 38.5.1 |
||
mozilla firefox esr 38.1.0 |
||
mozilla firefox esr 38.0.5 |
||
mozilla firefox esr 38.5.0 |
||
mozilla firefox esr 38.4.0 |
||
mozilla firefox esr 38.0.1 |
||
mozilla firefox esr 38.0 |
||
mozilla firefox esr 38.3.0 |
||
mozilla firefox esr 38.2.1 |
||
sil graphite2 |
||
oracle linux 5.0 |
||
oracle linux 6 |
||
oracle linux 7 |