Vulnerability CVE-2017-7773


Published: 2019-04-15

Description:
Heap-based Buffer Overflow write in Graphite2 library in Firefox before 54 in lz4::decompress src/Decompressor.

Type:

CWE-119

(Improper Restriction of Operations within the Bounds of a Memory Buffer)

Vendor: Mozilla
Product: Firefox 
Version:
9.0.1
9.0
8.0.1
8.0
7.0.1
7.0
6.0.2
6.0.1
6.0
53.0.3
53.0.2
53.0
52.9.0
52.8.1
52.8.0
52.7.4
52.7.3
52.7.2
52.7.1
52.7.0
52.6.0
52.5.3
52.5.2
52.5.0
52.4.1
52.4.0
52.3.0
52.2.1
52.2.0
52.1.2
52.1.1
52.1.0
52.0.2
52.0.1
52.0
51.0.1
51.0
50.0.2
50.0.1
50.0
5.0.1
5.0
49.0.2
49.0.1
49.0
48.0.2
48.0.1
48.0
47.0.2
47.0.1
47.0
46.0.1
46.0
45.9.0
45.8.0
45.7.0
45.6.0
45.5.1
45.5.0
45.4.0
45.3.0
45.2.0
45.1.1
45.0.2
45.0.1
45.0
44.0.2
44.0.1
44.0
43.0.4
43.0.3
43.0.2
43.0.1
43.0
42.0
41.0.2
41.0.1
41.0
40.0.3
40.0.2
40.0
4.0.1
4.0
39.0.3
39.0
38.8.0
38.7.1
38.7.0
38.6.1
38.6.0
38.5.2
38.5.1
38.5.0
38.4.0
38.3.0
38.2.1
38.2.0
38.1.1
38.1.0
38.0.5
See more versions on NVD

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6.8/10
6.4/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial

 References:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/

Related CVE
CVE-2017-7777
Use of uninitialized memory in Graphite2 library in Firefox before 54 in graphite2::GlyphCache::Loader::read_glyph function.
CVE-2017-7776
Heap-based Buffer Overflow read in Graphite2 library in Firefox before 54 in graphite2::Silf::getClassGlyph.
CVE-2017-7774
Out-of-bounds read in Graphite2 Library in Firefox before 54 in graphite2::Silf::readGraphite function.
CVE-2017-7771
Out-of-bounds read in Graphite2 Library in Firefox before 54 in graphite2::Pass::readPass function.
CVE-2017-7772
Heap-based Buffer Overflow in Graphite2 library in Firefox before 54 in lz4::decompress function.
CVE-2018-14498
get_8bit_row in rdbmp.c in libjpeg-turbo through 1.5.90 and MozJPEG through 3.3.1 allows attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted 8-bit BMP in which one or more of the color indices is o...
CVE-2018-18499
A same-origin policy violation allowing the theft of cross-origin URL entries when using a meta http-equiv="refresh" on a page to cause a redirection to another site using performance.getEntries(). This is a same-origin policy violation and could all...
CVE-2018-18498
A potential vulnerability leading to an integer overflow can occur during buffer size calculations for images when a raw value is used instead of the checked value. This leads to a possible out-of-bounds write. This vulnerability affects Thunderbird ...

Copyright 2019, cxsecurity.com

 

Back to Top