Search for vulnerabilities
Vulnerability details: VCID-bez4-avz6-ske4
Vulnerability ID VCID-bez4-avz6-ske4
Aliases CVE-2016-1969
Summary Security researcher James Clawson used the Address Sanitizer tool to discover an out-of-bounds write in the Graphite 2 library when loading a crafted Graphite font file. This results in a potentially exploitable crash.
Status Published
Exploitability 0.5
Weighted Severity 9.0
Risk 4.5
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-787 Out-of-bounds Write
System Score Found at
epss 0.00472 https://api.first.org/data/v1/epss?cve=CVE-2016-1969
epss 0.00472 https://api.first.org/data/v1/epss?cve=CVE-2016-1969
epss 0.00472 https://api.first.org/data/v1/epss?cve=CVE-2016-1969
epss 0.00472 https://api.first.org/data/v1/epss?cve=CVE-2016-1969
epss 0.00472 https://api.first.org/data/v1/epss?cve=CVE-2016-1969
epss 0.00472 https://api.first.org/data/v1/epss?cve=CVE-2016-1969
epss 0.00472 https://api.first.org/data/v1/epss?cve=CVE-2016-1969
epss 0.00472 https://api.first.org/data/v1/epss?cve=CVE-2016-1969
epss 0.00472 https://api.first.org/data/v1/epss?cve=CVE-2016-1969
epss 0.00472 https://api.first.org/data/v1/epss?cve=CVE-2016-1969
epss 0.00472 https://api.first.org/data/v1/epss?cve=CVE-2016-1969
epss 0.00472 https://api.first.org/data/v1/epss?cve=CVE-2016-1969
epss 0.00472 https://api.first.org/data/v1/epss?cve=CVE-2016-1969
epss 0.00472 https://api.first.org/data/v1/epss?cve=CVE-2016-1969
epss 0.00472 https://api.first.org/data/v1/epss?cve=CVE-2016-1969
epss 0.00472 https://api.first.org/data/v1/epss?cve=CVE-2016-1969
epss 0.00472 https://api.first.org/data/v1/epss?cve=CVE-2016-1969
epss 0.00472 https://api.first.org/data/v1/epss?cve=CVE-2016-1969
epss 0.00472 https://api.first.org/data/v1/epss?cve=CVE-2016-1969
epss 0.00472 https://api.first.org/data/v1/epss?cve=CVE-2016-1969
epss 0.00472 https://api.first.org/data/v1/epss?cve=CVE-2016-1969
epss 0.00472 https://api.first.org/data/v1/epss?cve=CVE-2016-1969
epss 0.00472 https://api.first.org/data/v1/epss?cve=CVE-2016-1969
epss 0.00472 https://api.first.org/data/v1/epss?cve=CVE-2016-1969
epss 0.00472 https://api.first.org/data/v1/epss?cve=CVE-2016-1969
generic_textual critical https://www.mozilla.org/en-US/security/advisories/mfsa2016-38
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1969.json
https://api.first.org/data/v1/epss?cve=CVE-2016-1969
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1526
1317560 https://bugzilla.redhat.com/show_bug.cgi?id=1317560
CVE-2016-1969 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1969
mfsa2016-38 https://www.mozilla.org/en-US/security/advisories/mfsa2016-38
RHSA-2016:0197 https://access.redhat.com/errata/RHSA-2016:0197
No exploits are available.
Exploit Prediction Scoring System (EPSS)
Percentile 0.63651
EPSS Score 0.00472
Published At July 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:10:13.230089+00:00 Mozilla Importer Import https://github.com/mozilla/foundation-security-advisories/blob/master/announce/2016/mfsa2016-38.md 37.0.0