CVE-2016-1526

The TtfUtil:LocaLookup function in TtfUtil.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, incorrectly validates a size value, which allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted Graphite smart font.

Published: Feb 13, 2016
Updated: Nov 9, 2025
CVE: CVE-2016-1526
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5.8
AV:N/AC:M/Au:N/C:P/I:N/A:P

CWEs:

Affected Software
References

Software	From	Fixed in
debian / debian_linux	8.0	8.0.x
debian / debian_linux	7.0	7.0.x
mozilla / thunderbird	-	38.5.1.x
sil / graphite2	1.2.4	1.2.4.x
fedoraproject / fedora	22	22.x
fedoraproject / fedora	23	23.x
mozilla / firefox	38.0	38.0.x
mozilla / firefox	38.0.1	38.0.1.x
mozilla / firefox	38.0.5	38.0.5.x
mozilla / firefox	38.1.0	38.1.0.x
mozilla / firefox	38.1.1	38.1.1.x
mozilla / firefox	38.2.0	38.2.0.x
mozilla / firefox	38.2.1	38.2.1.x
mozilla / firefox	38.3.0	38.3.0.x
mozilla / firefox	38.4.0	38.4.0.x
mozilla / firefox	38.5.0	38.5.0.x
mozilla / firefox	38.5.1	38.5.1.x
mozilla / firefox	38.5.2	38.5.2.x
mozilla / firefox	38.6.0	38.6.0.x

Vulnerability Database

CVE-2016-1526

Deep Security Visibility Without the Complexity