FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-29 07:54:42 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
8f10fa04-cf6a-11e5-96d6-14dae9d210b8graphite2 -- code execution vulnerability

Talos reports:

  • An exploitable denial of service vulnerability exists in the font handling of Libgraphite. A specially crafted font can cause an out-of-bounds read potentially resulting in an information leak or denial of service.

  • A specially crafted font can cause a buffer overflow resulting in potential code execution.

  • An exploitable NULL pointer dereference exists in the bidirectional font handling functionality of Libgraphite. A specially crafted font can cause a NULL pointer dereference resulting in a crash.


Discovery 2016-02-05
Entry 2016-02-09
Modified 2016-03-08
graphite2
< 1.3.5

silgraphite
< 2.3.1_4

linux-thunderbird
< 38.6.0

http://blog.talosintel.com/2016/02/vulnerability-spotlight-libgraphite.html
http://www.talosintel.com/reports/TALOS-2016-0061/
https://www.mozilla.org/security/advisories/mfsa2016-14/
CVE-2016-1521
CVE-2016-1522
CVE-2016-1523
CVE-2016-1526