cbcvebase.

Debian Graphite2 vulnerabilities

27 known vulnerabilities affecting debian/graphite2.

Total CVEs
27
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL2HIGH24MEDIUM1

Vulnerabilities

Page 1 of 2
CVE-2018-7999HIGHCVSS 8.8fixed in graphite2 1.3.11-2 (bookworm)2018
CVE-2018-7999 [HIGH] CVE-2018-7999: graphite2 - In libgraphite2 in graphite2 1.3.11, a NULL pointer dereference vulnerability wa... In libgraphite2 in graphite2 1.3.11, a NULL pointer dereference vulnerability was found in Segment.cpp during a dumbRendering operation, which may allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .ttf file. Scope: local bookworm: resolved (fixed in 1.3.11-2) bullseye: resolved (fixed in 1.3.11-2) forky: resolved (f
debian
CVE-2017-7778CRITICALCVSS 9.8fixed in firefox 54.0-1 (sid)2017
CVE-2017-7778 [CRITICAL] CVE-2017-7778: firefox - A number of security vulnerabilities in the Graphite 2 library including out-of-... A number of security vulnerabilities in the Graphite 2 library including out-of-bounds reads, buffer overflow reads and writes, and the use of uninitialized memory. These issues were addressed in Graphite 2 version 1.3.10. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. Scope: local sid: resolved (fixed in 54.0-1)
debian
CVE-2017-7774CRITICALCVSS 9.1fixed in firefox 54.0-1 (sid)2017
CVE-2017-7774 [CRITICAL] CVE-2017-7774: firefox - Out-of-bounds read in Graphite2 Library in Firefox before 54 in graphite2::Silf:... Out-of-bounds read in Graphite2 Library in Firefox before 54 in graphite2::Silf::readGraphite function. Scope: local sid: resolved (fixed in 54.0-1)
debian
CVE-2017-7773HIGHCVSS 8.8fixed in firefox 54.0-1 (sid)2017
CVE-2017-7773 [HIGH] CVE-2017-7773: firefox - Heap-based Buffer Overflow write in Graphite2 library in Firefox before 54 in lz... Heap-based Buffer Overflow write in Graphite2 library in Firefox before 54 in lz4::decompress src/Decompressor. Scope: local sid: resolved (fixed in 54.0-1)
debian
CVE-2017-7771HIGHCVSS 8.1fixed in firefox 54.0-1 (sid)2017
CVE-2017-7771 [HIGH] CVE-2017-7771: firefox - Out-of-bounds read in Graphite2 Library in Firefox before 54 in graphite2::Pass:... Out-of-bounds read in Graphite2 Library in Firefox before 54 in graphite2::Pass::readPass function. Scope: local sid: resolved (fixed in 54.0-1)
debian
CVE-2017-7772HIGHCVSS 8.8fixed in firefox 54.0-1 (sid)2017
CVE-2017-7772 [HIGH] CVE-2017-7772: firefox - Heap-based Buffer Overflow in Graphite2 library in Firefox before 54 in lz4::dec... Heap-based Buffer Overflow in Graphite2 library in Firefox before 54 in lz4::decompress function. Scope: local sid: resolved (fixed in 54.0-1)
debian
CVE-2017-7777HIGHCVSS 8.8fixed in firefox 54.0-1 (sid)2017
CVE-2017-7777 [HIGH] CVE-2017-7777: firefox - Use of uninitialized memory in Graphite2 library in Firefox before 54 in graphit... Use of uninitialized memory in Graphite2 library in Firefox before 54 in graphite2::GlyphCache::Loader::read_glyph function. Scope: local sid: resolved (fixed in 54.0-1)
debian
CVE-2017-7776HIGHCVSS 8.1fixed in firefox 54.0-1 (sid)2017
CVE-2017-7776 [HIGH] CVE-2017-7776: firefox - Heap-based Buffer Overflow read in Graphite2 library in Firefox before 54 in gra... Heap-based Buffer Overflow read in Graphite2 library in Firefox before 54 in graphite2::Silf::getClassGlyph. Scope: local sid: resolved (fixed in 54.0-1)
debian
CVE-2016-2796HIGHCVSS 8.8fixed in firefox 45.0-1 (sid)2016
CVE-2016-2796 [HIGH] CVE-2016-2796: firefox - Heap-based buffer overflow in the graphite2::vm::Machine::Code::Code function in... Heap-based buffer overflow in the graphite2::vm::Machine::Code::Code function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Graphite smart font. Scope: local sid: resolved (fixed in 45.0-1)
debian
CVE-2016-2799HIGHCVSS 8.8fixed in firefox 45.0-1 (sid)2016
CVE-2016-2799 [HIGH] CVE-2016-2799: firefox - Heap-based buffer overflow in the graphite2::Slot::setAttr function in Graphite ... Heap-based buffer overflow in the graphite2::Slot::setAttr function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Graphite smart font. Scope: local sid: resolved (fixed in 45.0-1)
debian
CVE-2016-2797HIGHCVSS 8.8fixed in firefox 45.0-1 (sid)2016
CVE-2016-2797 [HIGH] CVE-2016-2797: firefox - The graphite2::TtfUtil::CmapSubtable12Lookup function in Graphite 2 before 1.3.6... The graphite2::TtfUtil::CmapSubtable12Lookup function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2801. Scope: local sid: re
debian
CVE-2016-2795HIGHCVSS 8.8fixed in firefox 45.0-1 (sid)2016
CVE-2016-2795 [HIGH] CVE-2016-2795: firefox - The graphite2::FileFace::get_table_fn function in Graphite 2 before 1.3.6, as us... The graphite2::FileFace::get_table_fn function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, does not initialize memory for an unspecified data structure, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted Graphite smart font. Scope: local sid: resolved (
debian
CVE-2016-2798HIGHCVSS 8.8fixed in firefox 45.0-1 (sid)2016
CVE-2016-2798 [HIGH] CVE-2016-2798: firefox - The graphite2::GlyphCache::Loader::Loader function in Graphite 2 before 1.3.6, a... The graphite2::GlyphCache::Loader::Loader function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font. Scope: local sid: resolved (fixed in 45.0-1)
debian
CVE-2016-2793HIGHCVSS 8.8fixed in firefox 45.0-1 (sid)2016
CVE-2016-2793 [HIGH] CVE-2016-2793: firefox - CachedCmap.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.... CachedCmap.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font. Scope: local sid: resolved (fixed in 45.0-1)
debian
CVE-2016-1969HIGHCVSS 8.8fixed in firefox 45.0-1 (sid)2016
CVE-2016-1969 [HIGH] CVE-2016-1969: firefox - The setAttr function in Graphite 2 before 1.3.6, as used in Mozilla Firefox befo... The setAttr function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.6.1, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted Graphite smart font. Scope: local sid: resolved (fixed in 45.0-1)
debian
CVE-2016-1522HIGHCVSS 8.8fixed in graphite2 1.3.5-1 (bookworm)2016
CVE-2016-1522 [HIGH] CVE-2016-1522: graphite2 - Code.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 4... Code.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, does not consider recursive load calls during a size check, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly execute arbitrary code via a crafted Graphite smart font. Scope: local bookworm: resolve
debian
CVE-2016-2802HIGHCVSS 8.8fixed in firefox 45.0-1 (sid)2016
CVE-2016-2802 [HIGH] CVE-2016-2802: firefox - The graphite2::TtfUtil::CmapSubtable4NextCodepoint function in Graphite 2 before... The graphite2::TtfUtil::CmapSubtable4NextCodepoint function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font. Scope: local sid: resolved (fixed in 45.0-1)
debian
CVE-2016-2792HIGHCVSS 8.8fixed in firefox 45.0-1 (sid)2016
CVE-2016-2792 [HIGH] CVE-2016-2792: firefox - The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before 1.3.6, as... The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2800. Scope: local sid: resolv
debian
CVE-2016-2794HIGHCVSS 8.8fixed in firefox 45.0-1 (sid)2016
CVE-2016-2794 [HIGH] CVE-2016-2794: firefox - The graphite2::TtfUtil::CmapSubtable12NextCodepoint function in Graphite 2 befor... The graphite2::TtfUtil::CmapSubtable12NextCodepoint function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font. Scope: local sid: resolved (fixed in 45.0-1)
debian
CVE-2016-2800HIGHCVSS 8.8fixed in firefox 45.0-1 (sid)2016
CVE-2016-2800 [HIGH] CVE-2016-2800: firefox - The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before 1.3.6, as... The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2792. Scope: local sid: resolv
debian
1 / 2Next →