CVSS: 9.8 • EPSS: 0% • CPEs: 6 • EXPL: 0

A number of security vulnerabilities exist in the Graphite 2 library, including out-of-bounds reads, buffer overflow reads and writes, and the use of uninitialized memory. These issues were addressed in Graphite 2 version 1.3.10. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.

References:
• http://www.securityfocus.com/bid/99057
• http://www.securitytracker.com/id/1038689
• https://access.redhat.com/errata/RHSA-2017:1440
• https://access.redhat.com/errata/RHSA-2017:1561
• https://access.redhat.com/errata/RHSA-2017:1793
• https://bugzilla.mozilla.org/show_bug.cgi?id=1349310
• https://bugzilla.mozilla.org/show_bug.cgi?id=1350047
• https://bugzilla.mozilla.org/show_bug.cgi?id=1352745
• https://bugzilla.mozilla.org/show_bug.cgi?id=1352747
• https://bugzilla.mozilla.org/show_bug

CWEs:
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
• CWE-125: Out-of-bounds Read
• CWE-787: Out-of-bounds Write

CVSS: 8.8 • EPSS: 0% • CPEs: 2 • EXPL: 1

Use of uninitialized memory in Graphite2 library in Firefox before 54 in graphite2::GlyphCache::Loader::read_glyph function. The use of uninitialized memory related to "graphite2::GlyphCache::Loader::read_glyph" has been reported in graphite2. An attacker could possibly exploit this flaw to negatively impact the execution of an application using graphite2 in unknown ways.

References:
• https://www.mozilla.org/en-US/security/advisories/mfsa2017-15
• https://access.redhat.com/security/cve/CVE-2017-7777
• https://bugzilla.redhat.com/show_bug.cgi?id=1472225

CWEs:
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
• CWE-456: Missing Initialization of a Variable

CVSS: 8.8 • EPSS: 0% • CPEs: 2 • EXPL: 1

Heap-based Buffer Overflow in Graphite2 library in Firefox before 54 in lz4::decompress function. A heap-based buffer overflow flaw related to "lz4::decompress" has been reported in graphite2. An attacker could exploit this issue to cause a crash or, possibly, execute arbitrary code.

References:
• https://www.mozilla.org/en-US/security/advisories/mfsa2017-15
• https://access.redhat.com/security/cve/CVE-2017-7772
• https://bugzilla.redhat.com/show_bug.cgi?id=1472213

CWEs:
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
• CWE-122: Heap-based Buffer Overflow

CVSS: 8.1 • EPSS: 0% • CPEs: 2 • EXPL: 1

Out-of-bounds read in Graphite2 Library in Firefox before 54 in graphite2::Pass::readPass function. An out of bounds read flaw related to "graphite2::Pass::readPass" has been reported in graphite2. An attacker could possibly exploit this flaw to disclose potentially sensitive memory or cause an application crash.

References:
• https://bugzilla.redhat.com/show_bug.cgi?id=1472212
• https://www.mozilla.org/en-US/security/advisories/mfsa2017-15
• https://access.redhat.com/security/cve/CVE-2017-7771

CWEs:
• CWE-125: Out-of-bounds Read

CVSS: 8.1 • EPSS: 0% • CPEs: 2 • EXPL: 1

Heap-based Buffer Overflow read in Graphite2 library in Firefox before 54 in graphite2::Silf::getClassGlyph. An out of bounds read flaw related to "graphite2::Silf::getClassGlyph" has been reported in graphite2. An attacker could possibly exploit this flaw to disclose potentially sensitive memory or cause an application crash.

References:
• https://www.mozilla.org/en-US/security/advisories/mfsa2017-15
• https://access.redhat.com/security/cve/CVE-2017-7776
• https://bugzilla.redhat.com/show_bug.cgi?id=1472223

CWEs:
• CWE-125: Out-of-bounds Read