High

DATE	CVE	VULNERABILITY TITLE	RISK
2016-03-13	CVE-2016-2797	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The graphite2::TtfUtil::CmapSubtable12Lookup function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2801. network low complexity oracle mozilla suse opensuse sil CWE-119	8.8
2016-03-13	CVE-2016-2796	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Heap-based buffer overflow in the graphite2::vm::Machine::Code::Code function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Graphite smart font. network low complexity sil suse opensuse oracle mozilla CWE-119	8.8
2016-03-13	CVE-2016-2795	Data Processing Errors vulnerability in multiple products The graphite2::FileFace::get_table_fn function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, does not initialize memory for an unspecified data structure, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted Graphite smart font. network low complexity suse opensuse oracle mozilla sil CWE-19	8.8
2016-03-13	CVE-2016-2794	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The graphite2::TtfUtil::CmapSubtable12NextCodepoint function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font. network low complexity mozilla sil suse opensuse oracle CWE-119	8.8
2016-03-13	CVE-2016-2793	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products CachedCmap.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font. network low complexity oracle mozilla sil suse opensuse CWE-119	8.8
2016-03-13	CVE-2016-2792	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2800. network low complexity sil mozilla oracle suse opensuse CWE-119	8.8
2016-03-13	CVE-2016-2791	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The graphite2::GlyphCache::glyph function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font. network low complexity suse opensuse mozilla oracle sil CWE-119	8.8
2016-03-13	CVE-2016-2790	Data Processing Errors vulnerability in multiple products The graphite2::TtfUtil::GetTableInfo function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, does not initialize memory for an unspecified data structure, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted Graphite smart font. network low complexity suse opensuse mozilla sil oracle CWE-19	8.8
2016-03-13	CVE-2016-1977	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The Machine::Code::decoder::analysis::set_ref function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via a crafted Graphite smart font. network low complexity suse opensuse oracle sil mozilla CWE-119	8.8
2016-03-13	CVE-2016-1974	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The nsScannerString::AppendUnicodeTo function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 does not verify that memory allocation succeeds, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via crafted Unicode data in an HTML, XML, or SVG document. network low complexity mozilla oracle suse opensuse CWE-119	8.8