Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2019-04-15	CVE-2017-7777	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Use of uninitialized memory in Graphite2 library in Firefox before 54 in graphite2::GlyphCache::Loader::read_glyph function. network mozilla sil CWE-119	6.8
2019-04-15	CVE-2017-7776	Out-of-bounds Read vulnerability in multiple products Heap-based Buffer Overflow read in Graphite2 library in Firefox before 54 in graphite2::Silf::getClassGlyph. network mozilla sil CWE-125	5.8
2019-04-15	CVE-2017-7774	Out-of-bounds Read vulnerability in multiple products Out-of-bounds read in Graphite2 Library in Firefox before 54 in graphite2::Silf::readGraphite function. network low complexity mozilla sil CWE-125	6.4
2019-04-15	CVE-2017-7773	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Heap-based Buffer Overflow write in Graphite2 library in Firefox before 54 in lz4::decompress src/Decompressor. network mozilla sil CWE-119	6.8
2019-04-15	CVE-2017-7771	Out-of-bounds Read vulnerability in multiple products Out-of-bounds read in Graphite2 Library in Firefox before 54 in graphite2::Pass::readPass function. network mozilla sil CWE-125	5.8
2019-04-12	CVE-2017-7772	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Heap-based Buffer Overflow in Graphite2 library in Firefox before 54 in lz4::decompress function. network mozilla sil CWE-119	6.8
2016-02-13	CVE-2016-1523	The SillMap::readFace function in FeatureMap.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, mishandles a return value, which allows remote attackers to cause a denial of service (missing initialization, NULL pointer dereference, and application crash) via a crafted Graphite smart font. network low complexity fedoraproject mozilla sil debian	6.5