Vulnerability Spotlight: Libgraphite Font Processing Vulnerabilities

serveurs

Vulnerabilities Discovered byYves Younanof Cisco Talos.

Talos is releasing an advisory for four vulnerabilities that have been found within the Libgraphite library, which is used for font processing in Linux, Firefox, LibreOffice, and other major applications. The most severe vulnerability results from an out-of-bounds read which the attacker can use to achieve arbitrary code execution. A second vulnerability is an exploitable heap overflow. Finally, the last two vulnerabilities result in denial of service situations. To exploit these vulnerabilities, an attacker simply needs the user to run aGraphite-enabledapplication that renders a page using a specially crafted font that triggers one of these vulnerabilities. Since Mozilla Firefox versions 11-42 directly support Graphite, the attacker could easily compromise a server and then serve the specially crafted font when the user renders a page from the server (since Graphite supports both local and server-based fonts).

In this post, we will discuss the following vulnerabilities:

CVE-2016-1521
CVE-2016-1522
CVE-2016-1523
CVE-2016-1526

Cisco Price, Dell Price, Huawei Price, ZTE HPE Fortinet Switch Router Server At Low Price

serveurs

Nouvelles chaudes

Huawei Switches Visio Stencils

Huawei Switches Distributor in UAE

PoE vs PoE+ vs UPoE: What's the best switch to meet your network needs?

Understanding PoE Standards and Wattage

Power Supply Standards for POE Switches. Why is the Power Supply Distance Limited to 100 Meters?

How to Choose the Right 10G SFP+ Module: SR, LR, or LRM?

Huawei Switches: Comprehensive Guide and Insights

How Does Cisco Wireless Network Work?

How Do I Connect to a Cisco Wireless Router?

Cisco Catalyst 9800 Series Wireless Controller Software Configuration Guide

Cisco Access Point and Wireless Controller Selector

Compare Cisco Wireless Architectures and AP Modes

Cisco Wireless Architectures and AP Modes

Joining Process of an Cisco Access Point

Cisco Wireless AP Datasheet

Cisco Wireless AP and Controllers: A Comprehensive Guide to Efficient Networking

Cisco Aironet 3700 Series Access Points Datasheet

Cisco Wireless AP License: Unlocking the Power of Cisco DNA Software for Wireless Networks

Set up a Wireless Network using a Wireless Access Point (WAP)

Cisco Wireless Access Point (AP) Modes Explained

Cisco Wireless AP Comparison: A Comprehensive Guide to Finding the Right Solution for Your Network Needs

Cisco Business Wireless Startup LED Status Codes

Regulatory Compliance (Rest of the World) for Domain Reduction

Getting Started with the Cisco Catalyst Wireless Mobile Application

Cisco Wireless AP Models

Cisco Wireless Access Points: Future-Proofing Connectivity for the Modern Workplace

Cisco 9300 Stacking Configuration Guide Book

Best Practices for Cisco Catalyst 9300 Switches

Cisco 9300 Switches Dimensions

Cisco Catalyst IE9300 Rugged Series Data Sheet

Vulnerability Spotlight: Libgraphite Font Processing Vulnerabilities

Tags chauds: Cisco Talos Talos Vulnerability Research

Ordering Guide

Ressources ressources

À propos de nous