Endpoint Vulnerability

Vulnerabilities in Graphite 2

Description

Security researcher Holger Fuhrmannek reported that a malicious Graphite 'smart font' could circumvent the validation of internal instruction parameters in the Graphite 2 library using special CNTXT_ITEM instructions. This could result in arbitrary code execution.

Affected Products

Firefox ESR

References

CVE-2016-1523,