CVE-2017-7776 — Out-of-bounds Read in Mozilla Firefox

CWE-125 — Out-of-bounds Read11 documents8 sources

Severity

8.1HIGHNVD

EPSS

0.6%

top 30.01%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SIL Graphite2 Mozilla Firefox

Timeline

PublishedApr 15

Latest updateMay 14

Description

Heap-based Buffer Overflow read in Graphite2 library in Firefox before 54 in graphite2::Silf::getClassGlyph.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:HExploitability: 2.8 | Impact: 5.2

Affected Packages4 packages

▶NVDsil/graphite2< 1.3.10

▶Debiansil/graphite2< 1.3.10-1+3

▶NVDmozilla/firefox< 54.0

▶CVEListV5mozilla/firefoxAll versions prior to Firefox 54

🔴Vulnerability Details

GHSA

GHSA-w8wv-29f2-fhc6: Heap-based Buffer Overflow read in Graphite2 library in Firefox before 54 in graphite2::Silf::getClassGlyph↗2022-05-14

▶

OSV

CVE-2017-7776: Heap-based Buffer Overflow read in Graphite2 library in Firefox before 54 in graphite2::Silf::getClassGlyph↗2019-04-15

▶

CVEList

CVE-2017-7776: Heap-based Buffer Overflow read in Graphite2 library in Firefox before 54 in graphite2::Silf::getClassGlyph↗2019-04-12

▶

📋Vendor Advisories

Ubuntu

graphite2 vulnerabilities↗2017-08-21

▶

Ubuntu

Thunderbird vulnerabilities↗2017-07-05

▶

Ubuntu

Firefox vulnerabilities↗2017-06-15

▶

Red Hat

graphite2: heap-buffer-overflow read "graphite2::Silf::getClassGlyph"↗2017-06-14

▶

Debian

CVE-2017-7776: firefox - Heap-based Buffer Overflow read in Graphite2 library in Firefox before 54 in gra...↗2017

▶

💬Community

Bugzilla

CVE-2017-7776 graphite2: heap-buffer-overflow read "graphite2::Silf::getClassGlyph"↗2017-07-18

▶

Bugzilla

CVE-2017-7778 Mozilla: Vulnerabilities in the Graphite 2 library (MFSA 2017-16)↗2017-06-14

▶