Vulnerability Spotlight: Libgraphite Font Processing Vulnerabilities

SERVERS

Vulnerabilities Discovered byYves Younanof Cisco Talos.

Talos is releasing an advisory for four vulnerabilities that have been found within the Libgraphite library, which is used for font processing in Linux, Firefox, LibreOffice, and other major applications. The most severe vulnerability results from an out-of-bounds read which the attacker can use to achieve arbitrary code execution. A second vulnerability is an exploitable heap overflow. Finally, the last two vulnerabilities result in denial of service situations. To exploit these vulnerabilities, an attacker simply needs the user to run aGraphite-enabledapplication that renders a page using a specially crafted font that triggers one of these vulnerabilities. Since Mozilla Firefox versions 11-42 directly support Graphite, the attacker could easily compromise a server and then serve the specially crafted font when the user renders a page from the server (since Graphite supports both local and server-based fonts).

In this post, we will discuss the following vulnerabilities:

CVE-2016-1521
CVE-2016-1522
CVE-2016-1523
CVE-2016-1526

Cisco Price, Dell Price, Huawei Price, ZTE HPE Fortinet Switch Router Server At Low Price

SERVERS

HOT NEWS

Cisco Catalyst 9200 9200L Series Manual free PDF download

Quick Replacement Methods for Faulty Network Switches

2024 Revised Edition: How to Check Cisco Product Serial Numbers?

Cisco Catalyst 1300 Series Firmware: A Comprehensive Guide

What is the phone number for Cisco support?

What is Cisco WLAN controller?

What does a Cisco wireless controller do?

What is Active-Active Data Center?

What is Cisco Partner Program? How to join Cisco partner?

What does Cisco ASR do?

Huawei S6700: How to Configure the MTU Value of an Interface

Huawei Switch S6700 Configuring the Traffic Statistics Interval

Huawei NE router: forget console password, how to recover it

What is Cisco Catalyst 3650?

How about cisco 2960X?

Huawei CloudEngine switches split stacking

What is Cisco ISR?

What is the Cisco SD-WAN?

What is Cisco licenses?

What is Cisco Catalyst 3750?

Huawei S6700 Backup Configuration File to FTP Server or Client

Restoring Factory Settings on Huawei CloudEngine Series Switches

What is Catalyst 9500?

Difference between Huawei HC & HCS & HCSO

What is the difference between Catalyst 9200 and 9200L?

Is the Cisco 3850 a switch or a router?

HUAWEI Switches S6700 - Example: Configuring the Device as an SCP Client

What does the Cisco company do?

What is Cisco ISR 4331 router?

Public Cloud Hardware Integration Implementation

Vulnerability Spotlight: Libgraphite Font Processing Vulnerabilities

Hot Tags : Cisco Talos Talos Vulnerability Research

Ordering Guide

Resources

About Us

Cisco Price, Dell Price, Huawei Price, ZTE HPE Fortinet Switch Router Server At Low Price

SERVERS

HOT NEWS

Cisco Catalyst 9200 9200L Series Manual free PDF download

Quick Replacement Methods for Faulty Network Switches

2024 Revised Edition: How to Check Cisco Product Serial Numbers?

Cisco Catalyst 1300 Series Firmware: A Comprehensive Guide

What is the phone number for Cisco support?

What is Cisco WLAN controller?

What does a Cisco wireless controller do?

What is Active-Active Data Center?

​What is Cisco Partner Program? How to join Cisco partner?

What does Cisco ASR do?

Huawei S6700: How to Configure the MTU Value of an Interface

Huawei Switch S6700 Configuring the Traffic Statistics Interval

Huawei NE router: forget console password, how to recover it

What is Cisco Catalyst 3650?

How about cisco 2960X?

Huawei CloudEngine switches split stacking

What is Cisco ISR?

What is the Cisco SD-WAN?

What is Cisco licenses?

What is Cisco Catalyst 3750?

Huawei S6700 Backup Configuration File to FTP Server or Client

Restoring Factory Settings on Huawei CloudEngine Series Switches

What is Catalyst 9500?

Difference between Huawei HC & HCS & HCSO

What is the difference between Catalyst 9200 and 9200L?

Is the Cisco 3850 a switch or a router?

HUAWEI Switches S6700 - Example: Configuring the Device as an SCP Client

​What does the Cisco company do?

What is Cisco ISR 4331 router?

Public Cloud Hardware Integration Implementation

Vulnerability Spotlight: Libgraphite Font Processing Vulnerabilities

Hot Tags : Cisco Talos Talos Vulnerability Research

Ordering Guide

Resources

About Us

What is Cisco Partner Program? How to join Cisco partner?

What does the Cisco company do?