PT-2017-3742 · Mozilla+5 · Firefox+8
Holger Fuhrmannek
+1
·
Published
2017-05-29
·
Updated
2024-06-15
·
CVE-2017-7778
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions:
Graphite 2 versions prior to 1.3.10
Mozilla Firefox versions prior to 54
Mozilla Firefox ESR versions prior to 52.2
Thunderbird versions prior to 52.2
Description:
The issue is related to the lz4::decompress function in the Graphite 2 library, which is used by Mozilla Firefox and Mozilla Firefox ESR. It involves an out-of-bounds buffer write in memory. Exploitation of this issue can allow a remote attacker to execute arbitrary code or cause a denial of service. Additionally, there are other security issues in the Graphite 2 library, including out-of-bounds reads, buffer overflow reads and writes, and the use of uninitialized memory.
Recommendations:
For Graphite 2 versions prior to 1.3.10, update to version 1.3.10 or later.
For Mozilla Firefox versions prior to 54, update to version 54 or later.
For Mozilla Firefox ESR versions prior to 52.2, update to version 52.2 or later.
For Thunderbird versions prior to 52.2, update to version 52.2 or later.
Fix
Buffer Overflow
Out of bounds Read
Memory Corruption
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Alt Linux
Centos
Graphite 2
Firefox
Firefox Esr
Red Hat
Suse
Thunderbird
Ubuntu