PT-2017-3741 · Mozilla+5 · Firefox+6

Holger Fuhrmannek

Published

2017-05-29

Updated

2024-06-15

CVE-2017-7773

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 54

Description: The issue is related to a heap-based buffer overflow in the Graphite2 library, specifically in the lz4::decompress function. This can lead to a buffer overflow read in the graphite2::Silf::readGraphite function of the Graphite 2 library used by Mozilla Firefox and Mozilla Firefox ESR. Exploitation of this issue may allow a remote attacker to cause a denial of service or execute arbitrary code.

Recommendations: For Firefox versions prior to 54, update to version 54 or later to resolve the issue. As a temporary workaround, consider disabling the Graphite2 library until a patch is available. Restrict access to the lz4::decompress function to minimize the risk of exploitation. Avoid using the graphite2::Silf::readGraphite function in affected versions until the issue is resolved.

Exploit

Fix

Out of bounds Read

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125CWE-119

Related Identifiers

ALT-PU-2017-1665

ALT-PU-2017-1886

ALT-PU-2018-1854

BDU:2019-00229

CESA-2017_1440

CESA-2017_1561

CESA-2017_1793

CVE-2017-7773

DLA-1007-1

DLA-1013-1

DLA-991-1

DSA-3881-1

DSA-3894-1

DSA-3918-1

MGASA-2017-0178

MGASA-2017-0217

OPENSUSE-SU-2017:1579-1

OPENSUSE-SU-2017_1620-1

OPENSUSE-SU-2024:10601-1

RHSA-2017:1440

RHSA-2017:1561

RHSA-2017:1793

RHSA-2017_1440

RHSA-2017_1561

RHSA-2017_1793

USN-3315-1

USN-3321-1

USN-3398-1

Affected Products

Alt Linux

Centos

Firefox

Graphite 2

Red Hat

Suse

Ubuntu

PT-2017-3741 · Mozilla+5 · Firefox+6

CVE-2017-7773

Weakness Enumeration

Related Identifiers

Affected Products

References · 995