CVE-2017-7772 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Mozilla Firefox

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122 — Heap-based Buffer Overflow11 documents8 sources

Severity

8.8HIGHNVD

EPSS

0.6%

top 30.01%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SIL Graphite2 Mozilla Firefox

Timeline

PublishedApr 12

Latest updateMay 14

Description

Heap-based Buffer Overflow in Graphite2 library in Firefox before 54 in lz4::decompress function.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages4 packages

▶NVDsil/graphite2< 1.3.10

▶NVDmozilla/firefox< 54.0

▶Debiansil/graphite2< 1.3.10-1+3

▶CVEListV5mozilla/firefoxAll versions prior to Firefox 54

🔴Vulnerability Details

GHSA

GHSA-x9jq-pqmx-gf7r: Heap-based Buffer Overflow in Graphite2 library in Firefox before 54 in lz4::decompress function↗2022-05-14

▶

OSV

CVE-2017-7772: Heap-based Buffer Overflow in Graphite2 library in Firefox before 54 in lz4::decompress function↗2019-04-12

▶

CVEList

CVE-2017-7772: Heap-based Buffer Overflow in Graphite2 library in Firefox before 54 in lz4::decompress function↗2019-04-12

▶

📋Vendor Advisories

Ubuntu

graphite2 vulnerabilities↗2017-08-21

▶

Ubuntu

Thunderbird vulnerabilities↗2017-07-05

▶

Ubuntu

Firefox vulnerabilities↗2017-06-15

▶

Red Hat

graphite2: heap-buffer-overflow write "lz4::decompress" (CVE-2017-7772)↗2017-06-14

▶

Debian

CVE-2017-7772: firefox - Heap-based Buffer Overflow in Graphite2 library in Firefox before 54 in lz4::dec...↗2017

▶

💬Community

Bugzilla

CVE-2017-7772 graphite2: heap-buffer-overflow write "lz4::decompress" (CVE-2017-7772)↗2017-07-18

▶

Bugzilla

CVE-2017-7778 Mozilla: Vulnerabilities in the Graphite 2 library (MFSA 2017-16)↗2017-06-14

▶