Endpoint Vulnerability

Buffer overflow rendering SVG with bidirectional content

Description

Using the Address Sanitizer tool, security researcher Atte Kettunen found a buffer overflow during the rendering of SVG format graphics with directional content. This is caused by a flaw in directional-isolate processing and results in a potentially exploitable crash.

Affected Products

Firefox,Firefox ESR

References

CVE-2016-2838,