PT-2017-3741 · Mozilla+5 · Firefox+6

Holger Fuhrmannek

Publicado

2017-05-29

Atualizado

2024-06-15

CVE-2017-7773

CVSS v3.1

8.8

Alta

Vetor

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 54

Description: The issue is related to a heap-based buffer overflow in the Graphite2 library, specifically in the lz4::decompress function. This can lead to a buffer overflow read in the graphite2::Silf::readGraphite function of the Graphite 2 library used by Mozilla Firefox and Mozilla Firefox ESR. Exploitation of this issue may allow a remote attacker to cause a denial of service or execute arbitrary code.

Recommendations: For Firefox versions prior to 54, update to version 54 or later to resolve the issue. As a temporary workaround, consider disabling the Graphite2 library until a patch is available. Restrict access to the lz4::decompress function to minimize the risk of exploitation. Avoid using the graphite2::Silf::readGraphite function in affected versions until the issue is resolved.

Exploit

Correção

Out of bounds Read

Buffer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-125CWE-119

Identificadores relacionados

ALT-PU-2017-1665

ALT-PU-2017-1886

ALT-PU-2018-1854

BDU:2019-00229

CESA-2017_1440

CESA-2017_1561

CESA-2017_1793

CVE-2017-7773

DLA-1007-1

DLA-1013-1

DLA-991-1

DSA-3881-1

DSA-3894-1

DSA-3918-1

MGASA-2017-0178

MGASA-2017-0217

OPENSUSE-SU-2017:1579-1

OPENSUSE-SU-2017_1620-1

OPENSUSE-SU-2024:10601-1

RHSA-2017:1440

RHSA-2017:1561

RHSA-2017:1793

RHSA-2017_1440

RHSA-2017_1561

RHSA-2017_1793

USN-3315-1

USN-3321-1

USN-3398-1

Produtos afetados

Alt Linux

Centos

Firefox

Graphite 2

Red Hat

Suse

Ubuntu

PT-2017-3741 · Mozilla+5 · Firefox+6

CVE-2017-7773

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 995