Package Instance
Look up vulnerable packages by Package URL.
GET /api/packages/97808?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/97808?format=api", "purl": "pkg:deb/debian/graphite2@1.3.14-1?distro=trixie", "type": "deb", "namespace": "debian", "name": "graphite2", "version": "1.3.14-1", "qualifiers": { "distro": "trixie" }, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "1.3.14-2", "latest_non_vulnerable_version": "1.3.15-2", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1905?format=api", "vulnerability_id": "VCID-3uny-z4bs-9bfk", "summary": "Security researcher Holger Fuhrmannek and Mozilla security engineer\nTyson Smith reported a number of security vulnerabilities in the Graphite\n2 library affecting version 1.3.5.\nThe issue reported by Holger Fuhrmannek is a mechanism to induce\nstack corruption with a malicious graphite font. This leads to a potentially exploitable\ncrash when the font is loaded.\nTyson Smith used the Address Sanitizer tool in concert with a custom\nsoftware fuzzer to find a series of uninitialized memory, out-of-bounds read, and\nout-of-bounds write errors when working with fuzzed graphite fonts. 
\n\nTo address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been\nupdated to Graphite 2 version 1.3.6.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2791.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2791.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-2791", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00565", "scoring_system": "epss", "scoring_elements": "0.68793", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-2791" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1315795", "reference_id": "1315795", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1315795" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2791", "reference_id": "CVE-2016-2791", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2791" }, { "reference_url": "https://security.gentoo.org/glsa/201605-06", "reference_id": "GLSA-201605-06", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201605-06" }, { "reference_url": "https://security.gentoo.org/glsa/201701-63", "reference_id": "GLSA-201701-63", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-63" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-37", "reference_id": "mfsa2016-37", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-37" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0373", "reference_id": "RHSA-2016:0373", "reference_type": "", "scores": [], "url": 
"https://access.redhat.com/errata/RHSA-2016:0373" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0460", "reference_id": "RHSA-2016:0460", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0460" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/97813?format=api", "purl": "pkg:deb/debian/graphite2@1.3.6-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphite2@1.3.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/97808?format=api", "purl": "pkg:deb/debian/graphite2@1.3.14-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphite2@1.3.14-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/97812?format=api", "purl": "pkg:deb/debian/graphite2@1.3.14-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphite2@1.3.14-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/97810?format=api", "purl": "pkg:deb/debian/graphite2@1.3.14-13?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphite2@1.3.14-13%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/97811?format=api", "purl": "pkg:deb/debian/graphite2@1.3.15-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphite2@1.3.15-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2016-2791" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3uny-z4bs-9bfk" 
}, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/71755?format=api", "vulnerability_id": "VCID-49qz-y2rr-rkfx", "summary": "In libgraphite2 in graphite2 1.3.11, a NULL pointer dereference vulnerability was found in Segment.cpp during a dumbRendering operation, which may allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .ttf file.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7999.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7999.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-7999", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00205", "scoring_system": "epss", "scoring_elements": "0.42569", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-7999" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1554380", "reference_id": "1554380", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1554380" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892590", "reference_id": "892590", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892590" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/97815?format=api", "purl": "pkg:deb/debian/graphite2@1.3.11-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphite2@1.3.11-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/97808?format=api", "purl": "pkg:deb/debian/graphite2@1.3.14-1?distro=trixie", "is_vulnerable": false, 
"affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphite2@1.3.14-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/97812?format=api", "purl": "pkg:deb/debian/graphite2@1.3.14-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphite2@1.3.14-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/97810?format=api", "purl": "pkg:deb/debian/graphite2@1.3.14-13?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphite2@1.3.14-13%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/97811?format=api", "purl": "pkg:deb/debian/graphite2@1.3.15-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphite2@1.3.15-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-7999" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-49qz-y2rr-rkfx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1903?format=api", "vulnerability_id": "VCID-4hgx-k5jn-ckeu", "summary": "Security researcher Holger Fuhrmannek and Mozilla security engineer\nTyson Smith reported a number of security vulnerabilities in the Graphite\n2 library affecting version 1.3.5.\nThe issue reported by Holger Fuhrmannek is a mechanism to induce\nstack corruption with a malicious graphite font. This leads to a potentially exploitable\ncrash when the font is loaded.\nTyson Smith used the Address Sanitizer tool in concert with a custom\nsoftware fuzzer to find a series of uninitialized memory, out-of-bounds read, and\nout-of-bounds write errors when working with fuzzed graphite fonts. 
\n\nTo address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been\nupdated to Graphite 2 version 1.3.6.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1977.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1977.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-1977", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00701", "scoring_system": "epss", "scoring_elements": "0.72412", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-1977" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1315795", "reference_id": "1315795", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1315795" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1977", "reference_id": "CVE-2016-1977", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1977" }, { "reference_url": "https://security.gentoo.org/glsa/201605-06", "reference_id": "GLSA-201605-06", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201605-06" }, { "reference_url": "https://security.gentoo.org/glsa/201701-63", "reference_id": "GLSA-201701-63", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-63" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-37", "reference_id": "mfsa2016-37", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-37" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0373", "reference_id": "RHSA-2016:0373", "reference_type": "", "scores": [], "url": 
"https://access.redhat.com/errata/RHSA-2016:0373" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0460", "reference_id": "RHSA-2016:0460", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0460" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/97813?format=api", "purl": "pkg:deb/debian/graphite2@1.3.6-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphite2@1.3.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/97808?format=api", "purl": "pkg:deb/debian/graphite2@1.3.14-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphite2@1.3.14-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/97812?format=api", "purl": "pkg:deb/debian/graphite2@1.3.14-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphite2@1.3.14-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/97810?format=api", "purl": "pkg:deb/debian/graphite2@1.3.14-13?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphite2@1.3.14-13%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/97811?format=api", "purl": "pkg:deb/debian/graphite2@1.3.15-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphite2@1.3.15-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2016-1977" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4hgx-k5jn-ckeu" 
}, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1907?format=api", "vulnerability_id": "VCID-4r11-gv5n-rbhb", "summary": "Security researcher Holger Fuhrmannek and Mozilla security engineer\nTyson Smith reported a number of security vulnerabilities in the Graphite\n2 library affecting version 1.3.5.\nThe issue reported by Holger Fuhrmannek is a mechanism to induce\nstack corruption with a malicious graphite font. This leads to a potentially exploitable\ncrash when the font is loaded.\nTyson Smith used the Address Sanitizer tool in concert with a custom\nsoftware fuzzer to find a series of uninitialized memory, out-of-bounds read, and\nout-of-bounds write errors when working with fuzzed graphite fonts. \n\nTo address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been\nupdated to Graphite 2 version 1.3.6.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2793.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2793.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-2793", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00562", "scoring_system": "epss", "scoring_elements": "0.68711", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-2793" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1315795", "reference_id": "1315795", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1315795" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2793", "reference_id": "CVE-2016-2793", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2793" }, { "reference_url": "https://security.gentoo.org/glsa/201605-06", "reference_id": "GLSA-201605-06", "reference_type": "", "scores": [], "url": 
"https://security.gentoo.org/glsa/201605-06" }, { "reference_url": "https://security.gentoo.org/glsa/201701-63", "reference_id": "GLSA-201701-63", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-63" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-37", "reference_id": "mfsa2016-37", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-37" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0373", "reference_id": "RHSA-2016:0373", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0373" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0460", "reference_id": "RHSA-2016:0460", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0460" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/97813?format=api", "purl": "pkg:deb/debian/graphite2@1.3.6-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphite2@1.3.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/97808?format=api", "purl": "pkg:deb/debian/graphite2@1.3.14-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphite2@1.3.14-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/97812?format=api", "purl": "pkg:deb/debian/graphite2@1.3.14-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphite2@1.3.14-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/97810?format=api", "purl": 
"pkg:deb/debian/graphite2@1.3.14-13?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphite2@1.3.14-13%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/97811?format=api", "purl": "pkg:deb/debian/graphite2@1.3.15-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphite2@1.3.15-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2016-2793" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4r11-gv5n-rbhb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4541?format=api", "vulnerability_id": "VCID-6pr4-1zfj-9ydj", "summary": "multiple issues", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7772.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7772.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7772", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00618", "scoring_system": "epss", "scoring_elements": "0.70337", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7772" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472" }, { 
"reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771", 
"reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1472213", "reference_id": "1472213", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1472213" }, { "reference_url": "https://security.archlinux.org/ASA-201706-19", "reference_id": "ASA-201706-19", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201706-19" }, { "reference_url": "https://security.archlinux.org/ASA-201706-20", "reference_id": "ASA-201706-20", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201706-20" }, { 
"reference_url": "https://security.archlinux.org/AVG-302", "reference_id": "AVG-302", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-302" }, { "reference_url": "https://security.archlinux.org/AVG-303", "reference_id": "AVG-303", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-303" }, { "reference_url": "https://security.gentoo.org/glsa/201710-13", "reference_id": "GLSA-201710-13", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201710-13" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1440", "reference_id": "RHSA-2017:1440", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1440" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1561", "reference_id": "RHSA-2017:1561", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1561" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1793", "reference_id": "RHSA-2017:1793", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1793" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/97814?format=api", "purl": "pkg:deb/debian/graphite2@1.3.10-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphite2@1.3.10-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/97808?format=api", "purl": "pkg:deb/debian/graphite2@1.3.14-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphite2@1.3.14-1%3Fdistro=trixie" }, { "url": 
"http://public2.vulnerablecode.io/api/packages/97812?format=api", "purl": "pkg:deb/debian/graphite2@1.3.14-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphite2@1.3.14-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/97810?format=api", "purl": "pkg:deb/debian/graphite2@1.3.14-13?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphite2@1.3.14-13%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/97811?format=api", "purl": "pkg:deb/debian/graphite2@1.3.15-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphite2@1.3.15-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-7772" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6pr4-1zfj-9ydj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1912?format=api", "vulnerability_id": "VCID-86p5-m5xh-wba9", "summary": "Security researcher Holger Fuhrmannek and Mozilla security engineer\nTyson Smith reported a number of security vulnerabilities in the Graphite\n2 library affecting version 1.3.5.\nThe issue reported by Holger Fuhrmannek is a mechanism to induce\nstack corruption with a malicious graphite font. This leads to a potentially exploitable\ncrash when the font is loaded.\nTyson Smith used the Address Sanitizer tool in concert with a custom\nsoftware fuzzer to find a series of uninitialized memory, out-of-bounds read, and\nout-of-bounds write errors when working with fuzzed graphite fonts. 
\n\nTo address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been\nupdated to Graphite 2 version 1.3.6.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2798.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2798.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-2798", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00565", "scoring_system": "epss", "scoring_elements": "0.68793", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-2798" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1315795", "reference_id": "1315795", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1315795" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2798", "reference_id": "CVE-2016-2798", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2798" }, { "reference_url": "https://security.gentoo.org/glsa/201605-06", "reference_id": "GLSA-201605-06", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201605-06" }, { "reference_url": "https://security.gentoo.org/glsa/201701-63", "reference_id": "GLSA-201701-63", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-63" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-37", "reference_id": "mfsa2016-37", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-37" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0373", "reference_id": "RHSA-2016:0373", "reference_type": "", "scores": [], "url": 
"https://access.redhat.com/errata/RHSA-2016:0373" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0460", "reference_id": "RHSA-2016:0460", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0460" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/97813?format=api", "purl": "pkg:deb/debian/graphite2@1.3.6-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphite2@1.3.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/97808?format=api", "purl": "pkg:deb/debian/graphite2@1.3.14-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphite2@1.3.14-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/97812?format=api", "purl": "pkg:deb/debian/graphite2@1.3.14-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphite2@1.3.14-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/97810?format=api", "purl": "pkg:deb/debian/graphite2@1.3.14-13?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphite2@1.3.14-13%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/97811?format=api", "purl": "pkg:deb/debian/graphite2@1.3.15-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphite2@1.3.15-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2016-2798" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-86p5-m5xh-wba9" 
}, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4537?format=api", "vulnerability_id": "VCID-8hfq-xxg6-tue8", "summary": "multiple issues", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7776.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7776.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7776", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00618", "scoring_system": "epss", "scoring_elements": "0.70337", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7776" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752", 
"reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774", "reference_id": "", "reference_type": "", "scores": [], "url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1472223", "reference_id": "1472223", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1472223" }, { "reference_url": "https://security.archlinux.org/ASA-201706-19", "reference_id": "ASA-201706-19", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201706-19" }, { "reference_url": "https://security.archlinux.org/ASA-201706-20", "reference_id": "ASA-201706-20", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201706-20" }, { "reference_url": "https://security.archlinux.org/AVG-302", "reference_id": "AVG-302", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-302" }, { "reference_url": "https://security.archlinux.org/AVG-303", "reference_id": "AVG-303", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-303" }, { "reference_url": "https://security.gentoo.org/glsa/201710-13", "reference_id": "GLSA-201710-13", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201710-13" }, { 
"reference_url": "https://access.redhat.com/errata/RHSA-2017:1440", "reference_id": "RHSA-2017:1440", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1440" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1561", "reference_id": "RHSA-2017:1561", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1561" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1793", "reference_id": "RHSA-2017:1793", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1793" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/97814?format=api", "purl": "pkg:deb/debian/graphite2@1.3.10-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphite2@1.3.10-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/97808?format=api", "purl": "pkg:deb/debian/graphite2@1.3.14-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphite2@1.3.14-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/97812?format=api", "purl": "pkg:deb/debian/graphite2@1.3.14-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphite2@1.3.14-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/97810?format=api", "purl": "pkg:deb/debian/graphite2@1.3.14-13?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphite2@1.3.14-13%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/97811?format=api", "purl": "pkg:deb/debian/graphite2@1.3.15-2?distro=trixie", "is_vulnerable": 
false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphite2@1.3.15-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-7776" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8hfq-xxg6-tue8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1916?format=api", "vulnerability_id": "VCID-9hcm-h8uk-xygz", "summary": "Security researcher Holger Fuhrmannek and Mozilla security engineer\nTyson Smith reported a number of security vulnerabilities in the Graphite\n2 library affecting version 1.3.5.\nThe issue reported by Holger Fuhrmannek is a mechanism to induce\nstack corruption with a malicious graphite font. This leads to a potentially exploitable\ncrash when the font is loaded.\nTyson Smith used the Address Sanitizer tool in concert with a custom\nsoftware fuzzer to find a series of uninitialized memory, out-of-bounds read, and\nout-of-bounds write errors when working with fuzzed graphite fonts. 
\n\nTo address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been\nupdated to Graphite 2 version 1.3.6.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2802.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2802.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-2802", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00565", "scoring_system": "epss", "scoring_elements": "0.68793", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-2802" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1315795", "reference_id": "1315795", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1315795" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2802", "reference_id": "CVE-2016-2802", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2802" }, { "reference_url": "https://security.gentoo.org/glsa/201605-06", "reference_id": "GLSA-201605-06", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201605-06" }, { "reference_url": "https://security.gentoo.org/glsa/201701-63", "reference_id": "GLSA-201701-63", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-63" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-37", "reference_id": "mfsa2016-37", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-37" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0373", "reference_id": "RHSA-2016:0373", "reference_type": "", "scores": [], "url": 
"https://access.redhat.com/errata/RHSA-2016:0373" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0460", "reference_id": "RHSA-2016:0460", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0460" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/97813?format=api", "purl": "pkg:deb/debian/graphite2@1.3.6-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphite2@1.3.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/97808?format=api", "purl": "pkg:deb/debian/graphite2@1.3.14-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphite2@1.3.14-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/97812?format=api", "purl": "pkg:deb/debian/graphite2@1.3.14-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphite2@1.3.14-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/97810?format=api", "purl": "pkg:deb/debian/graphite2@1.3.14-13?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphite2@1.3.14-13%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/97811?format=api", "purl": "pkg:deb/debian/graphite2@1.3.15-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphite2@1.3.15-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2016-2802" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9hcm-h8uk-xygz" 
}, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/71752?format=api", "vulnerability_id": "VCID-9ksn-fq5j-jkhz", "summary": "The directrun function in directmachine.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, does not validate a certain skip operation, which allows remote attackers to execute arbitrary code, obtain sensitive information, or cause a denial of service (out-of-bounds read and application crash) via a crafted Graphite smart font.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1521.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1521.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-1521", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00846", "scoring_system": "epss", "scoring_elements": "0.75183", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-1521" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1521", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1521" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1522", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1522" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1526", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1526" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1305805", "reference_id": "1305805", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1305805" }, { "reference_url": 
"https://security.gentoo.org/glsa/201701-35", "reference_id": "GLSA-201701-35", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-35" }, { "reference_url": "https://security.gentoo.org/glsa/201701-63", "reference_id": "GLSA-201701-63", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-63" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0197", "reference_id": "RHSA-2016:0197", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0197" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0258", "reference_id": "RHSA-2016:0258", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0258" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0594", "reference_id": "RHSA-2016:0594", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0594" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/97809?format=api", "purl": "pkg:deb/debian/graphite2@1.3.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphite2@1.3.5-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/97808?format=api", "purl": "pkg:deb/debian/graphite2@1.3.14-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphite2@1.3.14-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/97812?format=api", "purl": "pkg:deb/debian/graphite2@1.3.14-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphite2@1.3.14-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/97810?format=api", "purl": 
"pkg:deb/debian/graphite2@1.3.14-13?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphite2@1.3.14-13%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/97811?format=api", "purl": "pkg:deb/debian/graphite2@1.3.15-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphite2@1.3.15-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2016-1521" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9ksn-fq5j-jkhz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1904?format=api", "vulnerability_id": "VCID-a5ee-c6f4-tufu", "summary": "Security researcher Holger Fuhrmannek and Mozilla security engineer\nTyson Smith reported a number of security vulnerabilities in the Graphite\n2 library affecting version 1.3.5.\nThe issue reported by Holger Fuhrmannek is a mechanism to induce\nstack corruption with a malicious graphite font. This leads to a potentially exploitable\ncrash when the font is loaded.\nTyson Smith used the Address Sanitizer tool in concert with a custom\nsoftware fuzzer to find a series of uninitialized memory, out-of-bounds read, and\nout-of-bounds write errors when working with fuzzed graphite fonts. 
\n\nTo address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been\nupdated to Graphite 2 version 1.3.6.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2790.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2790.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-2790", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00565", "scoring_system": "epss", "scoring_elements": "0.68793", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-2790" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1315795", "reference_id": "1315795", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1315795" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2790", "reference_id": "CVE-2016-2790", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2790" }, { "reference_url": "https://security.gentoo.org/glsa/201605-06", "reference_id": "GLSA-201605-06", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201605-06" }, { "reference_url": "https://security.gentoo.org/glsa/201701-63", "reference_id": "GLSA-201701-63", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-63" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-37", "reference_id": "mfsa2016-37", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-37" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0373", "reference_id": "RHSA-2016:0373", "reference_type": "", "scores": [], "url": 
"https://access.redhat.com/errata/RHSA-2016:0373" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0460", "reference_id": "RHSA-2016:0460", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0460" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/97813?format=api", "purl": "pkg:deb/debian/graphite2@1.3.6-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphite2@1.3.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/97808?format=api", "purl": "pkg:deb/debian/graphite2@1.3.14-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphite2@1.3.14-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/97812?format=api", "purl": "pkg:deb/debian/graphite2@1.3.14-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphite2@1.3.14-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/97810?format=api", "purl": "pkg:deb/debian/graphite2@1.3.14-13?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphite2@1.3.14-13%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/97811?format=api", "purl": "pkg:deb/debian/graphite2@1.3.15-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphite2@1.3.15-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2016-2790" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a5ee-c6f4-tufu" 
}, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4542?format=api", "vulnerability_id": "VCID-abde-jm4w-5yde", "summary": "multiple issues", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7771.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7771.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7771", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00538", "scoring_system": "epss", "scoring_elements": "0.67885", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7771" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752", 
"reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774", "reference_id": "", "reference_type": "", "scores": [], "url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1472212", "reference_id": "1472212", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1472212" }, { "reference_url": "https://security.archlinux.org/ASA-201706-19", "reference_id": "ASA-201706-19", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201706-19" }, { "reference_url": "https://security.archlinux.org/ASA-201706-20", "reference_id": "ASA-201706-20", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201706-20" }, { "reference_url": "https://security.archlinux.org/AVG-302", "reference_id": "AVG-302", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-302" }, { "reference_url": "https://security.archlinux.org/AVG-303", "reference_id": "AVG-303", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-303" }, { "reference_url": "https://security.gentoo.org/glsa/201710-13", "reference_id": "GLSA-201710-13", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201710-13" }, { 
"reference_url": "https://access.redhat.com/errata/RHSA-2017:1440", "reference_id": "RHSA-2017:1440", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1440" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1561", "reference_id": "RHSA-2017:1561", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1561" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1793", "reference_id": "RHSA-2017:1793", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1793" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/97814?format=api", "purl": "pkg:deb/debian/graphite2@1.3.10-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphite2@1.3.10-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/97808?format=api", "purl": "pkg:deb/debian/graphite2@1.3.14-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphite2@1.3.14-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/97812?format=api", "purl": "pkg:deb/debian/graphite2@1.3.14-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphite2@1.3.14-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/97810?format=api", "purl": "pkg:deb/debian/graphite2@1.3.14-13?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphite2@1.3.14-13%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/97811?format=api", "purl": "pkg:deb/debian/graphite2@1.3.15-2?distro=trixie", "is_vulnerable": 
false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphite2@1.3.15-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-7771" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-abde-jm4w-5yde" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1866?format=api", "vulnerability_id": "VCID-ecjy-9yqg-d7g5", "summary": "Security researcher Holger Fuhrmannek reported that a malicious\nGraphite \"smart font\" could circumvent the validation of internal instruction parameters\nin the Graphite 2 library using special CNTXT_ITEM instructions. This could result in\narbitrary code execution.\n This issue affected Graphite 2 version 1.3.4, which was used in the Firefox ESR branch. To address this issue and other security vulnerabilities recently disclosed by Cisco Talos affecting this version of the library, Firefox ESR has been updated to version 1.3.5, the same one used in Firefox 44.\nIn general this flaw cannot be exploited through email in the\nThunderbird product, but is potentially a risk in browser or browser-like contexts.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1523.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1523.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-1523", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01341", "scoring_system": "epss", "scoring_elements": "0.80354", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-1523" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1521", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1521" }, { 
"reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1522", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1522" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1526", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1526" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1305813", "reference_id": "1305813", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1305813" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1523", "reference_id": "CVE-2016-1523", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1523" }, { "reference_url": "https://security.gentoo.org/glsa/201605-06", "reference_id": "GLSA-201605-06", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201605-06" }, { "reference_url": "https://security.gentoo.org/glsa/201701-35", "reference_id": "GLSA-201701-35", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-35" }, { "reference_url": "https://security.gentoo.org/glsa/201701-63", "reference_id": "GLSA-201701-63", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-63" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-14", "reference_id": "mfsa2016-14", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-14" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0197", "reference_id": "RHSA-2016:0197", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0197" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0258", 
"reference_id": "RHSA-2016:0258", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0258" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0594", "reference_id": "RHSA-2016:0594", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0594" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/97809?format=api", "purl": "pkg:deb/debian/graphite2@1.3.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphite2@1.3.5-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/97808?format=api", "purl": "pkg:deb/debian/graphite2@1.3.14-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphite2@1.3.14-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/97812?format=api", "purl": "pkg:deb/debian/graphite2@1.3.14-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphite2@1.3.14-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/97810?format=api", "purl": "pkg:deb/debian/graphite2@1.3.14-13?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphite2@1.3.14-13%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/97811?format=api", "purl": "pkg:deb/debian/graphite2@1.3.15-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphite2@1.3.15-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2016-1523" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", 
"resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ecjy-9yqg-d7g5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1908?format=api", "vulnerability_id": "VCID-fxjs-kgb3-6bb7", "summary": "Security researcher Holger Fuhrmannek and Mozilla security engineer\nTyson Smith reported a number of security vulnerabilities in the Graphite\n2 library affecting version 1.3.5.\nThe issue reported by Holger Fuhrmannek is a mechanism to induce\nstack corruption with a malicious graphite font. This leads to a potentially exploitable\ncrash when the font is loaded.\nTyson Smith used the Address Sanitizer tool in concert with a custom\nsoftware fuzzer to find a series of uninitialized memory, out-of-bounds read, and\nout-of-bounds write errors when working with fuzzed graphite fonts. \n\nTo address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been\nupdated to Graphite 2 version 1.3.6.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2794.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2794.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-2794", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00875", "scoring_system": "epss", "scoring_elements": "0.75641", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-2794" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1315795", "reference_id": "1315795", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1315795" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2794", "reference_id": "CVE-2016-2794", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2794" }, { "reference_url": 
"https://security.gentoo.org/glsa/201605-06", "reference_id": "GLSA-201605-06", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201605-06" }, { "reference_url": "https://security.gentoo.org/glsa/201701-63", "reference_id": "GLSA-201701-63", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-63" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-37", "reference_id": "mfsa2016-37", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-37" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0373", "reference_id": "RHSA-2016:0373", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0373" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0460", "reference_id": "RHSA-2016:0460", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0460" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/97813?format=api", "purl": "pkg:deb/debian/graphite2@1.3.6-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphite2@1.3.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/97808?format=api", "purl": "pkg:deb/debian/graphite2@1.3.14-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphite2@1.3.14-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/97812?format=api", "purl": "pkg:deb/debian/graphite2@1.3.14-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphite2@1.3.14-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/97810?format=api", "purl": "pkg:deb/debian/graphite2@1.3.14-13?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphite2@1.3.14-13%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/97811?format=api", "purl": "pkg:deb/debian/graphite2@1.3.15-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphite2@1.3.15-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2016-2794" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fxjs-kgb3-6bb7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/71754?format=api", "vulnerability_id": "VCID-hqnu-aq9h-gkb4", "summary": "The TtfUtil:LocaLookup function in TtfUtil.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, incorrectly validates a size value, which allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted Graphite smart font.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1526.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1526.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-1526", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00759", "scoring_system": "epss", "scoring_elements": "0.73679", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-1526" }, { "reference_url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1521", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1521" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1522", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1522" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1526", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1526" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1308590", "reference_id": "1308590", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1308590" }, { "reference_url": "https://security.gentoo.org/glsa/201701-35", "reference_id": "GLSA-201701-35", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-35" }, { "reference_url": "https://security.gentoo.org/glsa/201701-63", "reference_id": "GLSA-201701-63", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-63" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0594", "reference_id": "RHSA-2016:0594", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0594" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0695", "reference_id": "RHSA-2016:0695", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0695" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/97809?format=api", "purl": "pkg:deb/debian/graphite2@1.3.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphite2@1.3.5-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/97808?format=api", 
"purl": "pkg:deb/debian/graphite2@1.3.14-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphite2@1.3.14-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/97812?format=api", "purl": "pkg:deb/debian/graphite2@1.3.14-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphite2@1.3.14-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/97810?format=api", "purl": "pkg:deb/debian/graphite2@1.3.14-13?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphite2@1.3.14-13%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/97811?format=api", "purl": "pkg:deb/debian/graphite2@1.3.15-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphite2@1.3.15-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2016-1526" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hqnu-aq9h-gkb4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1906?format=api", "vulnerability_id": "VCID-jubn-vjus-h3e8", "summary": "Security researcher Holger Fuhrmannek and Mozilla security engineer\nTyson Smith reported a number of security vulnerabilities in the Graphite\n2 library affecting version 1.3.5.\nThe issue reported by Holger Fuhrmannek is a mechanism to induce\nstack corruption with a malicious graphite font. 
This leads to a potentially exploitable\ncrash when the font is loaded.\nTyson Smith used the Address Sanitizer tool in concert with a custom\nsoftware fuzzer to find a series of uninitialized memory, out-of-bounds read, and\nout-of-bounds write errors when working with fuzzed graphite fonts. \n\nTo address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been\nupdated to Graphite 2 version 1.3.6.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2792.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2792.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-2792", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00565", "scoring_system": "epss", "scoring_elements": "0.68793", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-2792" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1315795", "reference_id": "1315795", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1315795" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2792", "reference_id": "CVE-2016-2792", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2792" }, { "reference_url": "https://security.gentoo.org/glsa/201605-06", "reference_id": "GLSA-201605-06", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201605-06" }, { "reference_url": "https://security.gentoo.org/glsa/201701-63", "reference_id": "GLSA-201701-63", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-63" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-37", "reference_id": "mfsa2016-37", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": 
"generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-37" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0373", "reference_id": "RHSA-2016:0373", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0373" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0460", "reference_id": "RHSA-2016:0460", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0460" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/97813?format=api", "purl": "pkg:deb/debian/graphite2@1.3.6-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphite2@1.3.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/97808?format=api", "purl": "pkg:deb/debian/graphite2@1.3.14-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphite2@1.3.14-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/97812?format=api", "purl": "pkg:deb/debian/graphite2@1.3.14-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphite2@1.3.14-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/97810?format=api", "purl": "pkg:deb/debian/graphite2@1.3.14-13?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphite2@1.3.14-13%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/97811?format=api", "purl": "pkg:deb/debian/graphite2@1.3.15-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphite2@1.3.15-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2016-2792" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jubn-vjus-h3e8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1913?format=api", "vulnerability_id": "VCID-kcpz-uwq4-skf4", "summary": "Security researcher Holger Fuhrmannek and Mozilla security engineer\nTyson Smith reported a number of security vulnerabilities in the Graphite\n2 library affecting version 1.3.5.\nThe issue reported by Holger Fuhrmannek is a mechanism to induce\nstack corruption with a malicious graphite font. This leads to a potentially exploitable\ncrash when the font is loaded.\nTyson Smith used the Address Sanitizer tool in concert with a custom\nsoftware fuzzer to find a series of uninitialized memory, out-of-bounds read, and\nout-of-bounds write errors when working with fuzzed graphite fonts. 
\n\nTo address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been\nupdated to Graphite 2 version 1.3.6.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2799.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2799.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-2799", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00646", "scoring_system": "epss", "scoring_elements": "0.711", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-2799" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1315795", "reference_id": "1315795", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1315795" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2799", "reference_id": "CVE-2016-2799", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2799" }, { "reference_url": "https://security.gentoo.org/glsa/201605-06", "reference_id": "GLSA-201605-06", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201605-06" }, { "reference_url": "https://security.gentoo.org/glsa/201701-63", "reference_id": "GLSA-201701-63", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-63" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-37", "reference_id": "mfsa2016-37", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-37" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0373", "reference_id": "RHSA-2016:0373", "reference_type": "", "scores": [], "url": 
"https://access.redhat.com/errata/RHSA-2016:0373" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0460", "reference_id": "RHSA-2016:0460", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0460" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/97813?format=api", "purl": "pkg:deb/debian/graphite2@1.3.6-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphite2@1.3.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/97808?format=api", "purl": "pkg:deb/debian/graphite2@1.3.14-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphite2@1.3.14-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/97812?format=api", "purl": "pkg:deb/debian/graphite2@1.3.14-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphite2@1.3.14-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/97810?format=api", "purl": "pkg:deb/debian/graphite2@1.3.14-13?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphite2@1.3.14-13%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/97811?format=api", "purl": "pkg:deb/debian/graphite2@1.3.15-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphite2@1.3.15-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2016-2799" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kcpz-uwq4-skf4" 
}, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1911?format=api", "vulnerability_id": "VCID-ksda-d24x-8bcf", "summary": "Security researcher Holger Fuhrmannek and Mozilla security engineer\nTyson Smith reported a number of security vulnerabilities in the Graphite\n2 library affecting version 1.3.5.\nThe issue reported by Holger Fuhrmannek is a mechanism to induce\nstack corruption with a malicious graphite font. This leads to a potentially exploitable\ncrash when the font is loaded.\nTyson Smith used the Address Sanitizer tool in concert with a custom\nsoftware fuzzer to find a series of uninitialized memory, out-of-bounds read, and\nout-of-bounds write errors when working with fuzzed graphite fonts. \n\nTo address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been\nupdated to Graphite 2 version 1.3.6.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2797.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2797.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-2797", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00562", "scoring_system": "epss", "scoring_elements": "0.68711", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-2797" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1315795", "reference_id": "1315795", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1315795" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2797", "reference_id": "CVE-2016-2797", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2797" }, { "reference_url": "https://security.gentoo.org/glsa/201605-06", "reference_id": "GLSA-201605-06", "reference_type": "", "scores": [], "url": 
"https://security.gentoo.org/glsa/201605-06" }, { "reference_url": "https://security.gentoo.org/glsa/201701-63", "reference_id": "GLSA-201701-63", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-63" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-37", "reference_id": "mfsa2016-37", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-37" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0373", "reference_id": "RHSA-2016:0373", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0373" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0460", "reference_id": "RHSA-2016:0460", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0460" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/97813?format=api", "purl": "pkg:deb/debian/graphite2@1.3.6-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphite2@1.3.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/97808?format=api", "purl": "pkg:deb/debian/graphite2@1.3.14-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphite2@1.3.14-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/97812?format=api", "purl": "pkg:deb/debian/graphite2@1.3.14-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphite2@1.3.14-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/97810?format=api", "purl": 
"pkg:deb/debian/graphite2@1.3.14-13?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphite2@1.3.14-13%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/97811?format=api", "purl": "pkg:deb/debian/graphite2@1.3.15-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphite2@1.3.15-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2016-2797" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ksda-d24x-8bcf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4536?format=api", "vulnerability_id": "VCID-njra-xv9f-ffck", "summary": "multiple issues", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7777.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7777.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7777", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00495", "scoring_system": "epss", "scoring_elements": "0.66125", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7777" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472" }, { 
"reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771", 
"reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1472225", "reference_id": "1472225", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1472225" }, { "reference_url": "https://security.archlinux.org/ASA-201706-19", "reference_id": "ASA-201706-19", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201706-19" }, { "reference_url": "https://security.archlinux.org/ASA-201706-20", "reference_id": "ASA-201706-20", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201706-20" }, { 
"reference_url": "https://security.archlinux.org/AVG-302", "reference_id": "AVG-302", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-302" }, { "reference_url": "https://security.archlinux.org/AVG-303", "reference_id": "AVG-303", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-303" }, { "reference_url": "https://security.gentoo.org/glsa/201710-13", "reference_id": "GLSA-201710-13", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201710-13" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1440", "reference_id": "RHSA-2017:1440", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1440" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1561", "reference_id": "RHSA-2017:1561", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1561" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1793", "reference_id": "RHSA-2017:1793", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1793" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/97814?format=api", "purl": "pkg:deb/debian/graphite2@1.3.10-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphite2@1.3.10-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/97808?format=api", "purl": "pkg:deb/debian/graphite2@1.3.14-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphite2@1.3.14-1%3Fdistro=trixie" }, { "url": 
"http://public2.vulnerablecode.io/api/packages/97812?format=api", "purl": "pkg:deb/debian/graphite2@1.3.14-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphite2@1.3.14-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/97810?format=api", "purl": "pkg:deb/debian/graphite2@1.3.14-13?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphite2@1.3.14-13%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/97811?format=api", "purl": "pkg:deb/debian/graphite2@1.3.15-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphite2@1.3.15-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-7777" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-njra-xv9f-ffck" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4539?format=api", "vulnerability_id": "VCID-ppw9-56ha-2bhm", "summary": "multiple issues", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7774.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7774.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7774", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00562", "scoring_system": "epss", "scoring_elements": "0.6869", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7774" }, { "reference_url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758", "reference_id": "", 
"reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1472219", "reference_id": "1472219", "reference_type": "", "scores": [], "url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=1472219" }, { "reference_url": "https://security.archlinux.org/ASA-201706-19", "reference_id": "ASA-201706-19", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201706-19" }, { "reference_url": "https://security.archlinux.org/ASA-201706-20", "reference_id": "ASA-201706-20", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201706-20" }, { "reference_url": "https://security.archlinux.org/AVG-302", "reference_id": "AVG-302", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-302" }, { "reference_url": "https://security.archlinux.org/AVG-303", "reference_id": "AVG-303", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-303" }, { "reference_url": "https://security.gentoo.org/glsa/201710-13", "reference_id": "GLSA-201710-13", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201710-13" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1440", "reference_id": "RHSA-2017:1440", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1440" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1561", "reference_id": "RHSA-2017:1561", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1561" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1793", "reference_id": "RHSA-2017:1793", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1793" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/97814?format=api", "purl": "pkg:deb/debian/graphite2@1.3.10-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphite2@1.3.10-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/97808?format=api", "purl": "pkg:deb/debian/graphite2@1.3.14-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphite2@1.3.14-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/97812?format=api", "purl": "pkg:deb/debian/graphite2@1.3.14-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphite2@1.3.14-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/97810?format=api", "purl": "pkg:deb/debian/graphite2@1.3.14-13?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphite2@1.3.14-13%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/97811?format=api", "purl": "pkg:deb/debian/graphite2@1.3.15-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphite2@1.3.15-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-7774" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ppw9-56ha-2bhm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1910?format=api", "vulnerability_id": "VCID-s874-n3jb-23h1", "summary": "Security researcher Holger Fuhrmannek and Mozilla security engineer\nTyson Smith reported a number of security vulnerabilities in the Graphite\n2 library affecting version 1.3.5.\nThe issue reported by Holger Fuhrmannek is a mechanism to induce\nstack corruption with a malicious graphite font. 
This leads to a potentially exploitable\ncrash when the font is loaded.\nTyson Smith used the Address Sanitizer tool in concert with a custom\nsoftware fuzzer to find a series of uninitialized memory, out-of-bounds read, and\nout-of-bounds write errors when working with fuzzed graphite fonts. \n\nTo address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been\nupdated to Graphite 2 version 1.3.6.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2796.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2796.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-2796", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00565", "scoring_system": "epss", "scoring_elements": "0.68794", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-2796" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1315795", "reference_id": "1315795", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1315795" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2796", "reference_id": "CVE-2016-2796", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2796" }, { "reference_url": "https://security.gentoo.org/glsa/201605-06", "reference_id": "GLSA-201605-06", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201605-06" }, { "reference_url": "https://security.gentoo.org/glsa/201701-63", "reference_id": "GLSA-201701-63", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-63" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-37", "reference_id": "mfsa2016-37", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": 
"generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-37" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0373", "reference_id": "RHSA-2016:0373", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0373" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0460", "reference_id": "RHSA-2016:0460", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0460" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/97813?format=api", "purl": "pkg:deb/debian/graphite2@1.3.6-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphite2@1.3.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/97808?format=api", "purl": "pkg:deb/debian/graphite2@1.3.14-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphite2@1.3.14-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/97812?format=api", "purl": "pkg:deb/debian/graphite2@1.3.14-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphite2@1.3.14-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/97810?format=api", "purl": "pkg:deb/debian/graphite2@1.3.14-13?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphite2@1.3.14-13%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/97811?format=api", "purl": "pkg:deb/debian/graphite2@1.3.15-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphite2@1.3.15-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2016-2796" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s874-n3jb-23h1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/654?format=api", "vulnerability_id": "VCID-uh5h-t12y-h3b1", "summary": "A number of security vulnerabilities in the Graphite 2 library including out-of-bounds reads, buffer overflow reads and writes, and the use of uninitialized memory. These issues were addressed in Graphite 2 version 1.3.10.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7778.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7778.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7778", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01434", "scoring_system": "epss", "scoring_elements": "0.81029", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7778" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749" }, { "reference_url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772", "reference_id": "", 
"reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1461260", "reference_id": "1461260", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1461260" }, { "reference_url": "https://security.archlinux.org/ASA-201706-19", "reference_id": "ASA-201706-19", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201706-19" }, { "reference_url": "https://security.archlinux.org/ASA-201706-20", "reference_id": "ASA-201706-20", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201706-20" }, { "reference_url": "https://security.archlinux.org/AVG-302", "reference_id": "AVG-302", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": 
"https://security.archlinux.org/AVG-302" }, { "reference_url": "https://security.archlinux.org/AVG-303", "reference_id": "AVG-303", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-303" }, { "reference_url": "https://security.gentoo.org/glsa/201710-13", "reference_id": "GLSA-201710-13", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201710-13" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-15", "reference_id": "mfsa2017-15", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-15" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-16", "reference_id": "mfsa2017-16", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-16" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-17", "reference_id": "mfsa2017-17", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-17" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1440", "reference_id": "RHSA-2017:1440", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1440" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1561", "reference_id": "RHSA-2017:1561", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1561" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1793", "reference_id": "RHSA-2017:1793", "reference_type": "", "scores": [], "url": 
"https://access.redhat.com/errata/RHSA-2017:1793" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/97814?format=api", "purl": "pkg:deb/debian/graphite2@1.3.10-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphite2@1.3.10-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/97808?format=api", "purl": "pkg:deb/debian/graphite2@1.3.14-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphite2@1.3.14-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/97812?format=api", "purl": "pkg:deb/debian/graphite2@1.3.14-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphite2@1.3.14-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/97810?format=api", "purl": "pkg:deb/debian/graphite2@1.3.14-13?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphite2@1.3.14-13%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/97811?format=api", "purl": "pkg:deb/debian/graphite2@1.3.15-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphite2@1.3.15-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-7778" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uh5h-t12y-h3b1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1921?format=api", "vulnerability_id": "VCID-v6sk-vcxm-dudy", "summary": "Security researcher James Clawson used the Address Sanitizer 
tool to\ndiscover an out-of-bounds write in the Graphite 2 library when loading a crafted Graphite\nfont file. This results in a potentially exploitable crash.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1969.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1969.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-1969", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00472", "scoring_system": "epss", "scoring_elements": "0.64989", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-1969" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1526", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1526" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1317560", "reference_id": "1317560", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1317560" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1969", "reference_id": "CVE-2016-1969", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1969" }, { "reference_url": "https://security.gentoo.org/glsa/201605-06", "reference_id": "GLSA-201605-06", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201605-06" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-38", "reference_id": "mfsa2016-38", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-38" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0197", "reference_id": "RHSA-2016:0197", "reference_type": "", 
"scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0197" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/97813?format=api", "purl": "pkg:deb/debian/graphite2@1.3.6-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphite2@1.3.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/97808?format=api", "purl": "pkg:deb/debian/graphite2@1.3.14-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphite2@1.3.14-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/97812?format=api", "purl": "pkg:deb/debian/graphite2@1.3.14-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphite2@1.3.14-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/97810?format=api", "purl": "pkg:deb/debian/graphite2@1.3.14-13?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphite2@1.3.14-13%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/97811?format=api", "purl": "pkg:deb/debian/graphite2@1.3.15-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphite2@1.3.15-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2016-1969" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-v6sk-vcxm-dudy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1915?format=api", "vulnerability_id": "VCID-wd34-8uw6-2uh4", "summary": "Security researcher Holger Fuhrmannek and 
Mozilla security engineer\nTyson Smith reported a number of security vulnerabilities in the Graphite\n2 library affecting version 1.3.5.\nThe issue reported by Holger Fuhrmannek is a mechanism to induce\nstack corruption with a malicious graphite font. This leads to a potentially exploitable\ncrash when the font is loaded.\nTyson Smith used the Address Sanitizer tool in concert with a custom\nsoftware fuzzer to find a series of uninitialized memory, out-of-bounds read, and\nout-of-bounds write errors when working with fuzzed graphite fonts. \n\nTo address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been\nupdated to Graphite 2 version 1.3.6.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2801.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2801.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-2801", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00565", "scoring_system": "epss", "scoring_elements": "0.68793", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-2801" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1315795", "reference_id": "1315795", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1315795" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2801", "reference_id": "CVE-2016-2801", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2801" }, { "reference_url": "https://security.gentoo.org/glsa/201605-06", "reference_id": "GLSA-201605-06", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201605-06" }, { "reference_url": "https://security.gentoo.org/glsa/201701-63", "reference_id": "GLSA-201701-63", "reference_type": "", "scores": [], 
"url": "https://security.gentoo.org/glsa/201701-63" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-37", "reference_id": "mfsa2016-37", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-37" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0373", "reference_id": "RHSA-2016:0373", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0373" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0460", "reference_id": "RHSA-2016:0460", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0460" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/97813?format=api", "purl": "pkg:deb/debian/graphite2@1.3.6-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphite2@1.3.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/97808?format=api", "purl": "pkg:deb/debian/graphite2@1.3.14-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphite2@1.3.14-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/97812?format=api", "purl": "pkg:deb/debian/graphite2@1.3.14-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphite2@1.3.14-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/97810?format=api", "purl": "pkg:deb/debian/graphite2@1.3.14-13?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphite2@1.3.14-13%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/97811?format=api", "purl": "pkg:deb/debian/graphite2@1.3.15-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphite2@1.3.15-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2016-2801" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wd34-8uw6-2uh4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/71753?format=api", "vulnerability_id": "VCID-x3k8-ym18-sffm", "summary": "Code.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, does not consider recursive load calls during a size check, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly execute arbitrary code via a crafted Graphite smart font.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1522.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1522.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-1522", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02415", "scoring_system": "epss", "scoring_elements": "0.85388", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-1522" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1521", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1521" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1522", "reference_id": "", "reference_type": "", "scores": [], 
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1522" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1526", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1526" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1305810", "reference_id": "1305810", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1305810" }, { "reference_url": "https://security.gentoo.org/glsa/201701-35", "reference_id": "GLSA-201701-35", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-35" }, { "reference_url": "https://security.gentoo.org/glsa/201701-63", "reference_id": "GLSA-201701-63", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-63" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0197", "reference_id": "RHSA-2016:0197", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0197" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0258", "reference_id": "RHSA-2016:0258", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0258" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0594", "reference_id": "RHSA-2016:0594", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0594" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/97809?format=api", "purl": "pkg:deb/debian/graphite2@1.3.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphite2@1.3.5-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/97808?format=api", "purl": "pkg:deb/debian/graphite2@1.3.14-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], 
"resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphite2@1.3.14-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/97812?format=api", "purl": "pkg:deb/debian/graphite2@1.3.14-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphite2@1.3.14-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/97810?format=api", "purl": "pkg:deb/debian/graphite2@1.3.14-13?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphite2@1.3.14-13%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/97811?format=api", "purl": "pkg:deb/debian/graphite2@1.3.15-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphite2@1.3.15-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2016-1522" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x3k8-ym18-sffm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1914?format=api", "vulnerability_id": "VCID-xmkv-47hn-43ck", "summary": "Security researcher Holger Fuhrmannek and Mozilla security engineer\nTyson Smith reported a number of security vulnerabilities in the Graphite\n2 library affecting version 1.3.5.\nThe issue reported by Holger Fuhrmannek is a mechanism to induce\nstack corruption with a malicious graphite font. This leads to a potentially exploitable\ncrash when the font is loaded.\nTyson Smith used the Address Sanitizer tool in concert with a custom\nsoftware fuzzer to find a series of uninitialized memory, out-of-bounds read, and\nout-of-bounds write errors when working with fuzzed graphite fonts. 
\n\nTo address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been\nupdated to Graphite 2 version 1.3.6.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2800.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2800.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-2800", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00565", "scoring_system": "epss", "scoring_elements": "0.68793", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-2800" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1315795", "reference_id": "1315795", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1315795" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2800", "reference_id": "CVE-2016-2800", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2800" }, { "reference_url": "https://security.gentoo.org/glsa/201605-06", "reference_id": "GLSA-201605-06", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201605-06" }, { "reference_url": "https://security.gentoo.org/glsa/201701-63", "reference_id": "GLSA-201701-63", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-63" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-37", "reference_id": "mfsa2016-37", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-37" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0373", "reference_id": "RHSA-2016:0373", "reference_type": "", "scores": [], "url": 
"https://access.redhat.com/errata/RHSA-2016:0373" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0460", "reference_id": "RHSA-2016:0460", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0460" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/97813?format=api", "purl": "pkg:deb/debian/graphite2@1.3.6-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphite2@1.3.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/97808?format=api", "purl": "pkg:deb/debian/graphite2@1.3.14-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphite2@1.3.14-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/97812?format=api", "purl": "pkg:deb/debian/graphite2@1.3.14-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphite2@1.3.14-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/97810?format=api", "purl": "pkg:deb/debian/graphite2@1.3.14-13?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphite2@1.3.14-13%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/97811?format=api", "purl": "pkg:deb/debian/graphite2@1.3.15-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphite2@1.3.15-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2016-2800" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xmkv-47hn-43ck" 
}, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1909?format=api", "vulnerability_id": "VCID-yssr-7m7d-b7fh", "summary": "Security researcher Holger Fuhrmannek and Mozilla security engineer\nTyson Smith reported a number of security vulnerabilities in the Graphite\n2 library affecting version 1.3.5.\nThe issue reported by Holger Fuhrmannek is a mechanism to induce\nstack corruption with a malicious graphite font. This leads to a potentially exploitable\ncrash when the font is loaded.\nTyson Smith used the Address Sanitizer tool in concert with a custom\nsoftware fuzzer to find a series of uninitialized memory, out-of-bounds read, and\nout-of-bounds write errors when working with fuzzed graphite fonts. \n\nTo address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been\nupdated to Graphite 2 version 1.3.6.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2795.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2795.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-2795", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00565", "scoring_system": "epss", "scoring_elements": "0.68793", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-2795" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1315795", "reference_id": "1315795", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1315795" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2795", "reference_id": "CVE-2016-2795", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2795" }, { "reference_url": "https://security.gentoo.org/glsa/201605-06", "reference_id": "GLSA-201605-06", "reference_type": "", "scores": [], "url": 
"https://security.gentoo.org/glsa/201605-06" }, { "reference_url": "https://security.gentoo.org/glsa/201701-63", "reference_id": "GLSA-201701-63", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-63" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-37", "reference_id": "mfsa2016-37", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-37" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0373", "reference_id": "RHSA-2016:0373", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0373" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0460", "reference_id": "RHSA-2016:0460", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0460" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/97813?format=api", "purl": "pkg:deb/debian/graphite2@1.3.6-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphite2@1.3.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/97808?format=api", "purl": "pkg:deb/debian/graphite2@1.3.14-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphite2@1.3.14-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/97812?format=api", "purl": "pkg:deb/debian/graphite2@1.3.14-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphite2@1.3.14-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/97810?format=api", "purl": 
"pkg:deb/debian/graphite2@1.3.14-13?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphite2@1.3.14-13%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/97811?format=api", "purl": "pkg:deb/debian/graphite2@1.3.15-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphite2@1.3.15-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2016-2795" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yssr-7m7d-b7fh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4540?format=api", "vulnerability_id": "VCID-zakg-k4hk-fyhm", "summary": "multiple issues", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7773.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7773.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7773", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00618", "scoring_system": "epss", "scoring_elements": "0.70337", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7773" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472" }, { 
"reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771", 
"reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1472215", "reference_id": "1472215", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1472215" }, { "reference_url": "https://security.archlinux.org/ASA-201706-19", "reference_id": "ASA-201706-19", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201706-19" }, { "reference_url": "https://security.archlinux.org/ASA-201706-20", "reference_id": "ASA-201706-20", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201706-20" }, { 
"reference_url": "https://security.archlinux.org/AVG-302", "reference_id": "AVG-302", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-302" }, { "reference_url": "https://security.archlinux.org/AVG-303", "reference_id": "AVG-303", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-303" }, { "reference_url": "https://security.gentoo.org/glsa/201710-13", "reference_id": "GLSA-201710-13", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201710-13" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1440", "reference_id": "RHSA-2017:1440", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1440" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1561", "reference_id": "RHSA-2017:1561", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1561" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1793", "reference_id": "RHSA-2017:1793", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1793" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/97814?format=api", "purl": "pkg:deb/debian/graphite2@1.3.10-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphite2@1.3.10-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/97808?format=api", "purl": "pkg:deb/debian/graphite2@1.3.14-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphite2@1.3.14-1%3Fdistro=trixie" }, { "url": 
"http://public2.vulnerablecode.io/api/packages/97812?format=api", "purl": "pkg:deb/debian/graphite2@1.3.14-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphite2@1.3.14-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/97810?format=api", "purl": "pkg:deb/debian/graphite2@1.3.14-13?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphite2@1.3.14-13%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/97811?format=api", "purl": "pkg:deb/debian/graphite2@1.3.15-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphite2@1.3.15-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-7773" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zakg-k4hk-fyhm" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphite2@1.3.14-1%3Fdistro=trixie" }