CVE-2017-7778 (NVD)

2018-06-11

A number of security vulnerabilities in the Graphite 2 library including out-of-bounds reads, buffer overflow reads and writes, and the use of uninitialized memory. These issues were addressed in Graphite 2 version 1.3.10. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.

Products Debian_linux, Firefox, Firefox_esr, Thunderbird, Graphite2
Type Out-of-bounds Read (CWE-125)
Out-of-bounds Write (CWE-787)
Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119)
First patch - None (likely due to unavailable code)
Links https://bugzilla.mozilla.org/show_bug.cgi?id=1349310
https://bugzilla.mozilla.org/show_bug.cgi?id=1355174
http://www.securitytracker.com/id/1038689
https://bugzilla.mozilla.org/show_bug.cgi?id=1350047
https://www.mozilla.org/security/advisories/mfsa2017-16/