CVE-2017-7778

Published: Jun 11, 2018Modified: Nov 25, 2025

9.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

A number of security vulnerabilities in the Graphite 2 library including out-of-bounds reads, buffer overflow reads and writes, and the use of uninitialized memory. These issues were addressed in Graphite 2 version 1.3.10. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.

Affected (6)

Products: Mozilla: Firefox, Thunderbird · Debian: Debian Linux · Sil: Graphite2

2 products

1 product

1 product

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Mozilla Firefox	Before 52.2.0
Mozilla Firefox	Before 54.0
Mozilla Thunderbird	Before 52.2.0

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 8.0
Debian Debian Linux	Version 9.0

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Sil Graphite2	Before 1.3.10

Related CWEs

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

CWE-125

Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

CWE-787

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (40)

http://www.securityfocus.com/bid/99057

Source: security@mozilla.org

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1038689

Source: security@mozilla.org

Third Party AdvisoryVDB Entry

https://access.redhat.com/errata/RHSA-2017:1440

Source: security@mozilla.org

Third Party Advisory

https://access.redhat.com/errata/RHSA-2017:1561

Source: security@mozilla.org

Third Party Advisory

https://access.redhat.com/errata/RHSA-2017:1793

Source: security@mozilla.org

Third Party Advisory

https://bugzilla.mozilla.org/show_bug.cgi?id=1349310

Source: security@mozilla.org

Issue TrackingVendor Advisory

https://bugzilla.mozilla.org/show_bug.cgi?id=1350047

Source: security@mozilla.org

Issue TrackingVendor Advisory

https://bugzilla.mozilla.org/show_bug.cgi?id=1352745

Source: security@mozilla.org

Issue TrackingVendor Advisory

https://bugzilla.mozilla.org/show_bug.cgi?id=1352747

Source: security@mozilla.org

Issue TrackingVendor Advisory

https://bugzilla.mozilla.org/show_bug.cgi?id=1355174

Source: security@mozilla.org

Issue TrackingVendor Advisory

https://bugzilla.mozilla.org/show_bug.cgi?id=1355182

Source: security@mozilla.org

Issue TrackingVendor Advisory

https://bugzilla.mozilla.org/show_bug.cgi?id=1356607

Source: security@mozilla.org

Issue TrackingVendor Advisory

https://bugzilla.mozilla.org/show_bug.cgi?id=1358551

Source: security@mozilla.org

Issue TrackingVendor Advisory

https://security.gentoo.org/glsa/201710-13

Source: security@mozilla.org

Third Party Advisory

https://www.debian.org/security/2017/dsa-3881

Source: security@mozilla.org

Third Party Advisory

https://www.debian.org/security/2017/dsa-3894

Source: security@mozilla.org

Third Party Advisory

https://www.debian.org/security/2017/dsa-3918

Source: security@mozilla.org

Third Party Advisory

https://www.mozilla.org/security/advisories/mfsa2017-15/

Source: security@mozilla.org

Vendor Advisory

https://www.mozilla.org/security/advisories/mfsa2017-16/

Source: security@mozilla.org

Vendor Advisory

https://www.mozilla.org/security/advisories/mfsa2017-17/

Source: security@mozilla.org

Vendor Advisory

http://www.securityfocus.com/bid/99057