The graphite2::FileFace::get_table_fn function in Graphite 2 prior to 1.3.6, as used in Mozilla Firefox prior to 45.0 and Firefox ESR 38.x prior to 38.7, does not initialize memory for an unspecified data structure, which allows remote malicious users to cause a denial of service or possibly have unknown other impact via a crafted Graphite smart font.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
opensuse leap 42.1 |
||
opensuse opensuse 13.2 |
||
suse linux enterprise 12.0 |
||
opensuse opensuse 13.1 |
||
oracle linux 6 |
||
oracle linux 5.0 |
||
oracle linux 7 |
||
mozilla firefox |
||
mozilla firefox esr 38.6.1 |
||
mozilla firefox esr 38.2.0 |
||
mozilla firefox esr 38.1.1 |
||
mozilla firefox esr 38.3.0 |
||
mozilla firefox esr 38.2.1 |
||
mozilla firefox esr 38.5.0 |
||
mozilla firefox esr 38.4.0 |
||
mozilla firefox esr 38.0.1 |
||
mozilla firefox esr 38.0 |
||
mozilla firefox esr 38.6.0 |
||
mozilla firefox esr 38.5.1 |
||
mozilla firefox esr 38.1.0 |
||
mozilla firefox esr 38.0.5 |
||
sil graphite2 |