CVE-2016-2793

Name	CVE-2016-2793
Description	CachedCmap.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
References	DSA-3510-1, DSA-3515-1, DSA-3520-1
NVD severity	medium

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
firefox (PTS)	sid	71.0-2	fixed
firefox-esr (PTS)	jessie	52.8.1esr-1~deb8u1	fixed
	jessie (security)	68.3.0esr-1~deb8u1	fixed
	stretch	60.7.1esr-1~deb9u1	fixed
	stretch (security)	68.3.0esr-1~deb9u1	fixed
	buster	68.2.0esr-1~deb10u1	fixed
	buster (security)	68.3.0esr-1~deb10u1	fixed
	bullseye	68.2.0esr-1	fixed
	sid	68.3.0esr-1	fixed
graphite2 (PTS)	jessie (security), jessie	1.3.10-1~deb8u1	fixed
	stretch	1.3.10-1	fixed
	buster	1.3.13-7	fixed
	bullseye, sid	1.3.13-11	fixed
icedove (PTS)	jessie	1:52.3.0-4~deb8u2	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Origin
firefox	source	(unstable)	45.0-1
firefox-esr	source	(unstable)	45.0esr-1
graphite2	source	(unstable)	1.3.6-1
graphite2	source	jessie	1.3.6-1~deb8u1	DSA-3515-1
graphite2	source	wheezy	1.3.6-1~deb7u1	DSA-3515-1
icedove	source	(unstable)	38.7.0-1
icedove	source	jessie	38.7.0-1~deb8u1	DSA-3520-1
icedove	source	wheezy	38.7.0-1~deb7u1	DSA-3520-1
iceweasel	source	(unstable)	(unfixed)
iceweasel	source	jessie	38.7.0esr-1~deb8u1	DSA-3510-1
iceweasel	source	wheezy	38.7.0esr-1~deb7u1	DSA-3510-1

https://www.mozilla.org/en-US/security/advisories/mfsa2016-37/