CVE-2017-7773Improper Restriction of Operations within the Bounds of a Memory Buffer in Mozilla Firefox

CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-122Heap-based Buffer Overflow11 documents8 sources
Severity
8.8HIGHNVD
EPSS
0.6%
top 30.01%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
SIL Graphite2Mozilla Firefox
Timeline
PublishedApr 15
Latest updateMay 14

Description

Heap-based Buffer Overflow write in Graphite2 library in Firefox before 54 in lz4::decompress src/Decompressor.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages4 packages

NVDsil/graphite2< 1.3.10
NVDmozilla/firefox< 54.0
Debiansil/graphite2< 1.3.10-1+3
CVEListV5mozilla/firefoxAll versions prior to Firefox 54

🔴Vulnerability Details

3
GHSA
GHSA-hw5m-xj65-6qh5: Heap-based Buffer Overflow write in Graphite2 library in Firefox before 54 in lz4::decompress src/Decompressor2022-05-14
OSV
CVE-2017-7773: Heap-based Buffer Overflow write in Graphite2 library in Firefox before 54 in lz4::decompress src/Decompressor2019-04-15
CVEList
CVE-2017-7773: Heap-based Buffer Overflow write in Graphite2 library in Firefox before 54 in lz4::decompress src/Decompressor2019-04-12

📋Vendor Advisories

5
Ubuntu
graphite2 vulnerabilities2017-08-21
Ubuntu
Thunderbird vulnerabilities2017-07-05
Ubuntu
Firefox vulnerabilities2017-06-15
Red Hat
graphite2: heap-buffer-overflow write "lz4::decompress" (src/Decompressor)2017-06-14
Debian
CVE-2017-7773: firefox - Heap-based Buffer Overflow write in Graphite2 library in Firefox before 54 in lz...2017

💬Community

2
Bugzilla
CVE-2017-7773 graphite2: heap-buffer-overflow write "lz4::decompress" (src/Decompressor)2017-07-18
Bugzilla
CVE-2017-7778 Mozilla: Vulnerabilities in the Graphite 2 library (MFSA 2017-16)2017-06-14
CVE-2017-7773 — Mozilla Firefox vulnerability | cvebase