CVE-2017-7777Improper Restriction of Operations within the Bounds of a Memory Buffer in Mozilla Firefox

CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-456Missing Initialization of a Variable12 documents9 sources
Severity
8.8HIGHNVD
EPSS
0.5%
top 34.19%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
SIL Graphite2Mozilla Firefox
Timeline
PublishedApr 15
Latest updateMay 14

Description

Use of uninitialized memory in Graphite2 library in Firefox before 54 in graphite2::GlyphCache::Loader::read_glyph function.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages4 packages

NVDsil/graphite2< 1.3.10
Debiansil/graphite2< 1.3.10-1+3
NVDmozilla/firefox< 54.0
CVEListV5mozilla/firefoxAll versions prior to Firefox 54

Patches

Patch: www.mozilla.orgPatch: www.mozilla.org

🔴Vulnerability Details

3
GHSA
GHSA-583h-cvpv-jvr9: Use of uninitialized memory in Graphite2 library in Firefox before 54 in graphite2::GlyphCache::Loader::read_glyph function2022-05-14
OSV
CVE-2017-7777: Use of uninitialized memory in Graphite2 library in Firefox before 54 in graphite2::GlyphCache::Loader::read_glyph function2019-04-15
CVEList
CVE-2017-7777: Use of uninitialized memory in Graphite2 library in Firefox before 54 in graphite2::GlyphCache::Loader::read_glyph function2019-04-12

💥Exploits & PoCs

1
Exploit-DB
Grails PDF Plugin 0.6 - XML External Entity Injection2017-02-21

📋Vendor Advisories

5
Ubuntu
graphite2 vulnerabilities2017-08-21
Ubuntu
Thunderbird vulnerabilities2017-07-05
Ubuntu
Firefox vulnerabilities2017-06-15
Red Hat
graphite2: use of uninitialized memory "graphite2::GlyphCache::Loader::read_glyph"2017-06-14
Debian
CVE-2017-7777: firefox - Use of uninitialized memory in Graphite2 library in Firefox before 54 in graphit...2017

💬Community

2
Bugzilla
CVE-2017-7777 graphite2: use of uninitialized memory "graphite2::GlyphCache::Loader::read_glyph"2017-07-18
Bugzilla
CVE-2017-7778 Mozilla: Vulnerabilities in the Graphite 2 library (MFSA 2017-16)2017-06-14
CVE-2017-7777 — Mozilla Firefox vulnerability | cvebase