{"id":"MGASA-2016-0077","summary":"Updated graphite2/firefox packages fix security vulnerability","details":"Multiple vulnerabilities in the graphite2 font library can result in\ninformation disclosure, denial-of-service (application crashes), or code\nexecution via out-of-bounds reads, a NULL pointer dereference, and a\nheap-based buffer overflow (CVE-2016-1521, CVE-2016-1522, CVE-2016-1523,\nCVE-2016-1526).\n\nFirefox includes a bundled copy of the graphite2 library, which has been\nupdated in Firefox ESR 38.6.1.\n","modified":"2026-01-30T07:15:49.857201Z","published":"2016-02-17T19:06:01Z","related":["CVE-2016-1521","CVE-2016-1522","CVE-2016-1523","CVE-2016-1526"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2016-0077.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=17780"},{"type":"REPORT","url":"http://www.talosintel.com/reports/TALOS-2016-0057/"},{"type":"REPORT","url":"http://www.talosintel.com/reports/TALOS-2016-0058/"},{"type":"REPORT","url":"http://www.talosintel.com/reports/TALOS-2016-0059/"},{"type":"REPORT","url":"http://www.talosintel.com/reports/TALOS-2016-0060/"},{"type":"REPORT","url":"http://www.talosintel.com/reports/TALOS-2016-0061/"},{"type":"REPORT","url":"http://blog.talosintel.com/2016/02/vulnerability-spotlight-libgraphite.html"},{"type":"REPORT","url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-14/"},{"type":"REPORT","url":"https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/"},{"type":"REPORT","url":"https://www.debian.org/security/2016/dsa-3477"}],"affected":[{"package":{"name":"firefox","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/firefox?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"38.6.1-1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2016-0077.json"}},{"package":{"name":"firefox-l10n","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/firefox-l10n?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"38.6.1-1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2016-0077.json"}},{"package":{"name":"graphite2","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/graphite2?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.3.5-1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2016-0077.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}