Description
Multiple vulnerabilities in the graphite2 font library can result in
information disclosure, denial-of-service (application crashes), or code
execution via out-of-bounds reads, a NULL pointer dereference, and a
heap-based buffer overflow (CVE-2016-1521, CVE-2016-1522, CVE-2016-1523,
CVE-2016-1526).
Firefox includes a bundled copy of the graphite2 library, which has been
updated in Firefox ESR 38.6.1.