Sil Graphite2 vulnerabilities

CVE-2017-7774 [CRITICAL] CWE-125 CVE-2017-7774: Out-of-bounds read in Graphite2 Library in Firefox before 54 in graphite2::Silf::readGraphite functi Out-of-bounds read in Graphite2 Library in Firefox before 54 in graphite2::Silf::readGraphite function.

CVE-2017-7776 [HIGH] CWE-125 CVE-2017-7776: Heap-based Buffer Overflow read in Graphite2 library in Firefox before 54 in graphite2::Silf::getCla Heap-based Buffer Overflow read in Graphite2 library in Firefox before 54 in graphite2::Silf::getClassGlyph.

CVE-2017-7777 [HIGH] CWE-119 CVE-2017-7777: Use of uninitialized memory in Graphite2 library in Firefox before 54 in graphite2::GlyphCache::Load Use of uninitialized memory in Graphite2 library in Firefox before 54 in graphite2::GlyphCache::Loader::read_glyph function.

CVE-2017-7771 [HIGH] CWE-125 CVE-2017-7771: Out-of-bounds read in Graphite2 Library in Firefox before 54 in graphite2::Pass::readPass function. Out-of-bounds read in Graphite2 Library in Firefox before 54 in graphite2::Pass::readPass function.

CVE-2017-7773 [HIGH] CWE-119 CVE-2017-7773: Heap-based Buffer Overflow write in Graphite2 library in Firefox before 54 in lz4::decompress src/De Heap-based Buffer Overflow write in Graphite2 library in Firefox before 54 in lz4::decompress src/Decompressor.

CVE-2017-7772 [HIGH] CWE-119 CVE-2017-7772: Heap-based Buffer Overflow in Graphite2 library in Firefox before 54 in lz4::decompress function. Heap-based Buffer Overflow in Graphite2 library in Firefox before 54 in lz4::decompress function.

CVE-2017-7778 [CRITICAL] CWE-119 CVE-2017-7778: A number of security vulnerabilities in the Graphite 2 library including out-of-bounds reads, buffer A number of security vulnerabilities in the Graphite 2 library including out-of-bounds reads, buffer overflow reads and writes, and the use of uninitialized memory. These issues were addressed in Graphite 2 version 1.3.10. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.

CVE-2018-7999 [HIGH] CWE-476 CVE-2018-7999: In libgraphite2 in graphite2 1.3.11, a NULL pointer dereference vulnerability was found in Segment.c In libgraphite2 in graphite2 1.3.11, a NULL pointer dereference vulnerability was found in Segment.cpp during a dumbRendering operation, which may allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .ttf file.

CVE-2016-2802 [HIGH] CWE-119 CVE-2016-2802: The graphite2::TtfUtil::CmapSubtable4NextCodepoint function in Graphite 2 before 1.3.6, as used in M The graphite2::TtfUtil::CmapSubtable4NextCodepoint function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font.

CVE-2016-1977 [HIGH] CWE-119 CVE-2016-1977: The Machine::Code::decoder::analysis::set_ref function in Graphite 2 before 1.3.6, as used in Mozill The Machine::Code::decoder::analysis::set_ref function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via a crafted Graphite smart font.

CVE-2016-2793 [HIGH] CWE-119 CVE-2016-2793: CachedCmap.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38 CachedCmap.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font.

CVE-2016-2790 [HIGH] CWE-19 CVE-2016-2790: The graphite2::TtfUtil::GetTableInfo function in Graphite 2 before 1.3.6, as used in Mozilla Firefox The graphite2::TtfUtil::GetTableInfo function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, does not initialize memory for an unspecified data structure, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted Graphite smart font.

CVE-2016-2801 [HIGH] CVE-2016-2801: The graphite2::TtfUtil::CmapSubtable12Lookup function in TtfUtil.cpp in Graphite 2 before 1.3.6, as The graphite2::TtfUtil::CmapSubtable12Lookup function in TtfUtil.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2797.

CVE-2016-2795 [HIGH] CWE-19 CVE-2016-2795: The graphite2::FileFace::get_table_fn function in Graphite 2 before 1.3.6, as used in Mozilla Firefo The graphite2::FileFace::get_table_fn function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, does not initialize memory for an unspecified data structure, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted Graphite smart font.

CVE-2016-2799 [HIGH] CWE-119 CVE-2016-2799: Heap-based buffer overflow in the graphite2::Slot::setAttr function in Graphite 2 before 1.3.6, as u Heap-based buffer overflow in the graphite2::Slot::setAttr function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Graphite smart font.

CVE-2016-2792 [HIGH] CWE-119 CVE-2016-2792: The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before 1.3.6, as used in Mozilla Fir The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2800.

CVE-2016-1969 [HIGH] CWE-119 CVE-2016-1969: The setAttr function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox The setAttr function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.6.1, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted Graphite smart font.

CVE-2016-2798 [HIGH] CWE-119 CVE-2016-2798: The graphite2::GlyphCache::Loader::Loader function in Graphite 2 before 1.3.6, as used in Mozilla Fi The graphite2::GlyphCache::Loader::Loader function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font.

CVE-2016-2796 [HIGH] CWE-119 CVE-2016-2796: Heap-based buffer overflow in the graphite2::vm::Machine::Code::Code function in Graphite 2 before 1 Heap-based buffer overflow in the graphite2::vm::Machine::Code::Code function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Graphite smart font.

CVE-2016-2791 [HIGH] CWE-119 CVE-2016-2791: The graphite2::GlyphCache::glyph function in Graphite 2 before 1.3.6, as used in Mozilla Firefox bef The graphite2::GlyphCache::glyph function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font.