rpm package
suse/graphite2&distro=SUSE Linux Enterprise Desktop 12
pkg:rpm/suse/graphite2&distro=SUSE%20Linux%20Enterprise%20Desktop%2012
Vulnerabilities (10)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2016-1526 | Hig | 8.1 | < 1.3.1-6.1 | 1.3.1-6.1 | Feb 13, 2016 | The TtfUtil:LocaLookup function in TtfUtil.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, incorrectly validates a size value, which allows remote attackers to obtain sensitive information or cause a denial of ser | |
| CVE-2016-1523 | Med | 6.5 | < 1.3.1-6.1 | 1.3.1-6.1 | Feb 13, 2016 | The SillMap::readFace function in FeatureMap.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, mishandles a return value, which allows remote attackers to cause a denial of service (missing initialization, NULL poin | |
| CVE-2016-1521 | Hig | 8.8 | < 1.3.1-6.1 | 1.3.1-6.1 | Feb 13, 2016 | The directrun function in directmachine.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, does not validate a certain skip operation, which allows remote attackers to execute arbitrary code, obtain sensitive informa | |
| CVE-2015-5214 | — | < 1.3.1-3.1 | 1.3.1-3.1 | Nov 10, 2015 | LibreOffice before 4.4.6 and 5.x before 5.0.1 and Apache OpenOffice before 4.1.2 allows remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via an index to a non-existent bookmark in a DOC file. | ||
| CVE-2015-5213 | — | < 1.3.1-3.1 | 1.3.1-3.1 | Nov 10, 2015 | Integer overflow in LibreOffice before 4.4.5 and Apache OpenOffice before 4.1.2 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a long DOC file, which triggers a buffer overflow. | ||
| CVE-2015-5212 | — | < 1.3.1-3.1 | 1.3.1-3.1 | Nov 10, 2015 | Integer underflow in LibreOffice before 4.4.5 and Apache OpenOffice before 4.1.2, when the configuration setting "Load printer settings with the document" is enabled, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execut | ||
| CVE-2015-4551 | — | < 1.3.1-3.1 | 1.3.1-3.1 | Nov 10, 2015 | LibreOffice before 4.4.5 and Apache OpenOffice before 4.1.2 uses the stored LinkUpdateMode configuration information in OpenDocument Format files and templates when handling links, which might allow remote attackers to obtain sensitive information via a crafted document, which em | ||
| CVE-2014-8147 | — | < 1.3.1-3.1 | 1.3.1-3.1 | May 25, 2015 | The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) before 55.1 uses an integer data type that is inconsistent with a header file, which allows remote attackers to cause | ||
| CVE-2014-8146 | — | < 1.3.1-3.1 | 1.3.1-3.1 | May 25, 2015 | The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) before 55.1 does not properly track directionally isolated pieces of text, which allows remote attackers to cause a de | ||
| CVE-2015-1774 | — | < 1.3.1-3.1 | 1.3.1-3.1 | Apr 28, 2015 | The HWP filter in LibreOffice before 4.3.7 and 4.4.x before 4.4.2 and Apache OpenOffice before 4.1.2 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted HWP document, which triggers an out-of-bounds write. |
- affected < 1.3.1-6.1fixed 1.3.1-6.1
The TtfUtil:LocaLookup function in TtfUtil.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, incorrectly validates a size value, which allows remote attackers to obtain sensitive information or cause a denial of ser
- affected < 1.3.1-6.1fixed 1.3.1-6.1
The SillMap::readFace function in FeatureMap.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, mishandles a return value, which allows remote attackers to cause a denial of service (missing initialization, NULL poin
- affected < 1.3.1-6.1fixed 1.3.1-6.1
The directrun function in directmachine.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, does not validate a certain skip operation, which allows remote attackers to execute arbitrary code, obtain sensitive informa
- CVE-2015-5214Nov 10, 2015affected < 1.3.1-3.1fixed 1.3.1-3.1
LibreOffice before 4.4.6 and 5.x before 5.0.1 and Apache OpenOffice before 4.1.2 allows remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via an index to a non-existent bookmark in a DOC file.
- CVE-2015-5213Nov 10, 2015affected < 1.3.1-3.1fixed 1.3.1-3.1
Integer overflow in LibreOffice before 4.4.5 and Apache OpenOffice before 4.1.2 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a long DOC file, which triggers a buffer overflow.
- CVE-2015-5212Nov 10, 2015affected < 1.3.1-3.1fixed 1.3.1-3.1
Integer underflow in LibreOffice before 4.4.5 and Apache OpenOffice before 4.1.2, when the configuration setting "Load printer settings with the document" is enabled, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execut
- CVE-2015-4551Nov 10, 2015affected < 1.3.1-3.1fixed 1.3.1-3.1
LibreOffice before 4.4.5 and Apache OpenOffice before 4.1.2 uses the stored LinkUpdateMode configuration information in OpenDocument Format files and templates when handling links, which might allow remote attackers to obtain sensitive information via a crafted document, which em
- CVE-2014-8147May 25, 2015affected < 1.3.1-3.1fixed 1.3.1-3.1
The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) before 55.1 uses an integer data type that is inconsistent with a header file, which allows remote attackers to cause
- CVE-2014-8146May 25, 2015affected < 1.3.1-3.1fixed 1.3.1-3.1
The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) before 55.1 does not properly track directionally isolated pieces of text, which allows remote attackers to cause a de
- CVE-2015-1774Apr 28, 2015affected < 1.3.1-3.1fixed 1.3.1-3.1
The HWP filter in LibreOffice before 4.3.7 and 4.4.x before 4.4.2 and Apache OpenOffice before 4.1.2 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted HWP document, which triggers an out-of-bounds write.