Endpoint Vulnerability

Out-of-bounds write with malicious font in Graphite 2

Description

Security researcher James Clawson used the Address Sanitizer tool to discover an out-of-bounds write in the Graphite 2 library when loading a crafted Graphite font file. This results in a potentially exploitable crash.

Affected Products

Firefox,Firefox ESR

References

CVE-2016-1969,