Vulnerabilities > SIL > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-04-15 CVE-2017-7777 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Use of uninitialized memory in Graphite2 library in Firefox before 54 in graphite2::GlyphCache::Loader::read_glyph function.
network
mozilla sil CWE-119
6.8
2019-04-15 CVE-2017-7776 Out-of-bounds Read vulnerability in multiple products
Heap-based Buffer Overflow read in Graphite2 library in Firefox before 54 in graphite2::Silf::getClassGlyph.
network
mozilla sil CWE-125
5.8
2019-04-15 CVE-2017-7774 Out-of-bounds Read vulnerability in multiple products
Out-of-bounds read in Graphite2 Library in Firefox before 54 in graphite2::Silf::readGraphite function.
network
low complexity
mozilla sil CWE-125
6.4
2019-04-15 CVE-2017-7773 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Heap-based Buffer Overflow write in Graphite2 library in Firefox before 54 in lz4::decompress src/Decompressor.
network
mozilla sil CWE-119
6.8
2019-04-15 CVE-2017-7771 Out-of-bounds Read vulnerability in multiple products
Out-of-bounds read in Graphite2 Library in Firefox before 54 in graphite2::Pass::readPass function.
network
mozilla sil CWE-125
5.8
2019-04-12 CVE-2017-7772 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Heap-based Buffer Overflow in Graphite2 library in Firefox before 54 in lz4::decompress function.
network
mozilla sil CWE-119
6.8
2016-02-13 CVE-2016-1523 The SillMap::readFace function in FeatureMap.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, mishandles a return value, which allows remote attackers to cause a denial of service (missing initialization, NULL pointer dereference, and application crash) via a crafted Graphite smart font.
network
low complexity
fedoraproject mozilla sil debian
6.5