CVE-2016-1522

Code.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, does not consider recursive load calls during a size check, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly execute arbitrary code via a crafted Graphite smart font.

Published: Feb 13, 2016
Updated: Nov 9, 2025
CVE: CVE-2016-1522
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

CWEs:

CWE-119

Affected Software
References

Software	From	Fixed in
fedoraproject / fedora	22	22.x
fedoraproject / fedora	23	23.x
mozilla / thunderbird	-	38.5.1.x
debian / debian_linux	8.0	8.0.x
debian / debian_linux	7.0	7.0.x
sil / graphite2	1.2.4	1.2.4.x
mozilla / firefox	38.0	38.0.x
mozilla / firefox	38.0.1	38.0.1.x
mozilla / firefox	38.0.5	38.0.5.x
mozilla / firefox	38.1.0	38.1.0.x
mozilla / firefox	38.1.1	38.1.1.x
mozilla / firefox	38.2.0	38.2.0.x
mozilla / firefox	38.2.1	38.2.1.x
mozilla / firefox	38.3.0	38.3.0.x
mozilla / firefox	38.4.0	38.4.0.x
mozilla / firefox	38.5.0	38.5.0.x
mozilla / firefox	38.5.1	38.5.1.x
mozilla / firefox	38.5.2	38.5.2.x
mozilla / firefox	38.6.0	38.6.0.x

Vulnerability Database

300,926

CVE-2016-1522

Deep Security Visibility Without the Complexity