Mozilla Foundation Security Advisory 2016-38

Out-of-bounds write with malicious font in Graphite 2

Announced: March 8, 2016
Reporter: James Clawson
Impact: Critical
Products: Firefox, Firefox ESR
Fixed in:
  • Firefox 45
  • Firefox ESR 38.6.1

Description

Security researcher James Clawson used the Address Sanitizer tool to discover an out-of-bounds write in the Graphite 2 library when loading a crafted Graphite font file. This results in a potentially exploitable crash.

References