Search for packages
| purl | pkg:deb/debian/graphite2@1.3.10-1~deb8u1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-347w-5rsv-tugs
Aliases: CVE-2017-7773 |
Heap-based Buffer Overflow write in Graphite2 library in Firefox before 54 in lz4::decompress src/Decompressor. |
Affected by 1 other vulnerability. |
|
VCID-3cp3-cxzm-17bt
Aliases: CVE-2017-7776 |
Heap-based Buffer Overflow read in Graphite2 library in Firefox before 54 in graphite2::Silf::getClassGlyph. |
Affected by 1 other vulnerability. |
|
VCID-4u3g-ucaz-pkfd
Aliases: CVE-2017-7777 |
Use of uninitialized memory in Graphite2 library in Firefox before 54 in graphite2::GlyphCache::Loader::read_glyph function. |
Affected by 1 other vulnerability. |
|
VCID-cfr5-npdq-j3fm
Aliases: CVE-2017-7771 |
Out-of-bounds read in Graphite2 Library in Firefox before 54 in graphite2::Pass::readPass function. |
Affected by 1 other vulnerability. |
|
VCID-czwf-6b9h-uucu
Aliases: CVE-2018-7999 |
In libgraphite2 in graphite2 1.3.11, a NULL pointer dereference vulnerability was found in Segment.cpp during a dumbRendering operation, which may allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .ttf file. |
Affected by 0 other vulnerabilities. |
|
VCID-m5ne-1n7g-8ka3
Aliases: CVE-2017-7772 |
Heap-based Buffer Overflow in Graphite2 library in Firefox before 54 in lz4::decompress function. |
Affected by 1 other vulnerability. |
|
VCID-mbbs-34nc-gyb4
Aliases: CVE-2017-7778 |
A number of security vulnerabilities in the Graphite 2 library including out-of-bounds reads, buffer overflow reads and writes, and the use of uninitialized memory. These issues were addressed in Graphite 2 version 1.3.10. |
Affected by 1 other vulnerability. |
|
VCID-stvs-mzq6-27ef
Aliases: CVE-2017-7774 |
Out-of-bounds read in Graphite2 Library in Firefox before 54 in graphite2::Silf::readGraphite function. |
Affected by 1 other vulnerability. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-1stj-xuxd-ykbt | Security researcher Holger Fuhrmannek and Mozilla security engineer Tyson Smith reported a number of security vulnerabilities in the Graphite 2 library affecting version 1.3.5. The issue reported by Holger Fuhrmannek is a mechanism to induce stack corruption with a malicious graphite font. This leads to a potentially exploitable crash when the font is loaded. Tyson Smith used the Address Sanitizer tool in concert with a custom software fuzzer to find a series of uninitialized memory, out-of-bounds read, and out-of-bounds write errors when working with fuzzed graphite fonts. To address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been updated to Graphite 2 version 1.3.6. |
CVE-2016-2802
|
| VCID-21wp-eycu-kbfu | Security researcher Holger Fuhrmannek and Mozilla security engineer Tyson Smith reported a number of security vulnerabilities in the Graphite 2 library affecting version 1.3.5. The issue reported by Holger Fuhrmannek is a mechanism to induce stack corruption with a malicious graphite font. This leads to a potentially exploitable crash when the font is loaded. Tyson Smith used the Address Sanitizer tool in concert with a custom software fuzzer to find a series of uninitialized memory, out-of-bounds read, and out-of-bounds write errors when working with fuzzed graphite fonts. To address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been updated to Graphite 2 version 1.3.6. |
CVE-2016-1977
|
| VCID-29cd-ee2e-eudd | Security researcher Holger Fuhrmannek and Mozilla security engineer Tyson Smith reported a number of security vulnerabilities in the Graphite 2 library affecting version 1.3.5. The issue reported by Holger Fuhrmannek is a mechanism to induce stack corruption with a malicious graphite font. This leads to a potentially exploitable crash when the font is loaded. Tyson Smith used the Address Sanitizer tool in concert with a custom software fuzzer to find a series of uninitialized memory, out-of-bounds read, and out-of-bounds write errors when working with fuzzed graphite fonts. To address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been updated to Graphite 2 version 1.3.6. |
CVE-2016-2800
|
| VCID-347w-5rsv-tugs | Heap-based Buffer Overflow write in Graphite2 library in Firefox before 54 in lz4::decompress src/Decompressor. |
CVE-2017-7773
|
| VCID-3cp3-cxzm-17bt | Heap-based Buffer Overflow read in Graphite2 library in Firefox before 54 in graphite2::Silf::getClassGlyph. |
CVE-2017-7776
|
| VCID-3zm4-kw65-5khp | Security researcher Holger Fuhrmannek and Mozilla security engineer Tyson Smith reported a number of security vulnerabilities in the Graphite 2 library affecting version 1.3.5. The issue reported by Holger Fuhrmannek is a mechanism to induce stack corruption with a malicious graphite font. This leads to a potentially exploitable crash when the font is loaded. Tyson Smith used the Address Sanitizer tool in concert with a custom software fuzzer to find a series of uninitialized memory, out-of-bounds read, and out-of-bounds write errors when working with fuzzed graphite fonts. To address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been updated to Graphite 2 version 1.3.6. |
CVE-2016-2791
|
| VCID-4u3g-ucaz-pkfd | Use of uninitialized memory in Graphite2 library in Firefox before 54 in graphite2::GlyphCache::Loader::read_glyph function. |
CVE-2017-7777
|
| VCID-7xvr-jqtj-a3c7 | Security researcher Holger Fuhrmannek and Mozilla security engineer Tyson Smith reported a number of security vulnerabilities in the Graphite 2 library affecting version 1.3.5. The issue reported by Holger Fuhrmannek is a mechanism to induce stack corruption with a malicious graphite font. This leads to a potentially exploitable crash when the font is loaded. Tyson Smith used the Address Sanitizer tool in concert with a custom software fuzzer to find a series of uninitialized memory, out-of-bounds read, and out-of-bounds write errors when working with fuzzed graphite fonts. To address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been updated to Graphite 2 version 1.3.6. |
CVE-2016-2799
|
| VCID-ab54-wdtp-33ea | Security researcher Holger Fuhrmannek and Mozilla security engineer Tyson Smith reported a number of security vulnerabilities in the Graphite 2 library affecting version 1.3.5. The issue reported by Holger Fuhrmannek is a mechanism to induce stack corruption with a malicious graphite font. This leads to a potentially exploitable crash when the font is loaded. Tyson Smith used the Address Sanitizer tool in concert with a custom software fuzzer to find a series of uninitialized memory, out-of-bounds read, and out-of-bounds write errors when working with fuzzed graphite fonts. To address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been updated to Graphite 2 version 1.3.6. |
CVE-2016-2792
|
| VCID-bez4-avz6-ske4 | Security researcher James Clawson used the Address Sanitizer tool to discover an out-of-bounds write in the Graphite 2 library when loading a crafted Graphite font file. This results in a potentially exploitable crash. |
CVE-2016-1969
|
| VCID-cfr5-npdq-j3fm | Out-of-bounds read in Graphite2 Library in Firefox before 54 in graphite2::Pass::readPass function. |
CVE-2017-7771
|
| VCID-fbup-v86f-97ex | Security researcher Holger Fuhrmannek and Mozilla security engineer Tyson Smith reported a number of security vulnerabilities in the Graphite 2 library affecting version 1.3.5. The issue reported by Holger Fuhrmannek is a mechanism to induce stack corruption with a malicious graphite font. This leads to a potentially exploitable crash when the font is loaded. Tyson Smith used the Address Sanitizer tool in concert with a custom software fuzzer to find a series of uninitialized memory, out-of-bounds read, and out-of-bounds write errors when working with fuzzed graphite fonts. To address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been updated to Graphite 2 version 1.3.6. |
CVE-2016-2801
|
| VCID-j7dr-d5kk-4kdt | Security researcher Holger Fuhrmannek and Mozilla security engineer Tyson Smith reported a number of security vulnerabilities in the Graphite 2 library affecting version 1.3.5. The issue reported by Holger Fuhrmannek is a mechanism to induce stack corruption with a malicious graphite font. This leads to a potentially exploitable crash when the font is loaded. Tyson Smith used the Address Sanitizer tool in concert with a custom software fuzzer to find a series of uninitialized memory, out-of-bounds read, and out-of-bounds write errors when working with fuzzed graphite fonts. To address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been updated to Graphite 2 version 1.3.6. |
CVE-2016-2798
|
| VCID-jxju-q8ue-r7g7 | Security researcher Holger Fuhrmannek and Mozilla security engineer Tyson Smith reported a number of security vulnerabilities in the Graphite 2 library affecting version 1.3.5. The issue reported by Holger Fuhrmannek is a mechanism to induce stack corruption with a malicious graphite font. This leads to a potentially exploitable crash when the font is loaded. Tyson Smith used the Address Sanitizer tool in concert with a custom software fuzzer to find a series of uninitialized memory, out-of-bounds read, and out-of-bounds write errors when working with fuzzed graphite fonts. To address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been updated to Graphite 2 version 1.3.6. |
CVE-2016-2793
|
| VCID-m5ne-1n7g-8ka3 | Heap-based Buffer Overflow in Graphite2 library in Firefox before 54 in lz4::decompress function. |
CVE-2017-7772
|
| VCID-mbbs-34nc-gyb4 | A number of security vulnerabilities in the Graphite 2 library including out-of-bounds reads, buffer overflow reads and writes, and the use of uninitialized memory. These issues were addressed in Graphite 2 version 1.3.10. |
CVE-2017-7778
|
| VCID-stvs-mzq6-27ef | Out-of-bounds read in Graphite2 Library in Firefox before 54 in graphite2::Silf::readGraphite function. |
CVE-2017-7774
|
| VCID-u62c-xz51-fbd4 | Security researcher Holger Fuhrmannek and Mozilla security engineer Tyson Smith reported a number of security vulnerabilities in the Graphite 2 library affecting version 1.3.5. The issue reported by Holger Fuhrmannek is a mechanism to induce stack corruption with a malicious graphite font. This leads to a potentially exploitable crash when the font is loaded. Tyson Smith used the Address Sanitizer tool in concert with a custom software fuzzer to find a series of uninitialized memory, out-of-bounds read, and out-of-bounds write errors when working with fuzzed graphite fonts. To address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been updated to Graphite 2 version 1.3.6. |
CVE-2016-2790
|
| VCID-u7ae-pca4-j7fp | Security researcher Holger Fuhrmannek and Mozilla security engineer Tyson Smith reported a number of security vulnerabilities in the Graphite 2 library affecting version 1.3.5. The issue reported by Holger Fuhrmannek is a mechanism to induce stack corruption with a malicious graphite font. This leads to a potentially exploitable crash when the font is loaded. Tyson Smith used the Address Sanitizer tool in concert with a custom software fuzzer to find a series of uninitialized memory, out-of-bounds read, and out-of-bounds write errors when working with fuzzed graphite fonts. To address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been updated to Graphite 2 version 1.3.6. |
CVE-2016-2795
|
| VCID-uqhq-r8p1-k7fn | Security researcher Holger Fuhrmannek and Mozilla security engineer Tyson Smith reported a number of security vulnerabilities in the Graphite 2 library affecting version 1.3.5. The issue reported by Holger Fuhrmannek is a mechanism to induce stack corruption with a malicious graphite font. This leads to a potentially exploitable crash when the font is loaded. Tyson Smith used the Address Sanitizer tool in concert with a custom software fuzzer to find a series of uninitialized memory, out-of-bounds read, and out-of-bounds write errors when working with fuzzed graphite fonts. To address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been updated to Graphite 2 version 1.3.6. |
CVE-2016-2797
|
| VCID-wmdm-wzx4-nkhr | Security researcher Holger Fuhrmannek and Mozilla security engineer Tyson Smith reported a number of security vulnerabilities in the Graphite 2 library affecting version 1.3.5. The issue reported by Holger Fuhrmannek is a mechanism to induce stack corruption with a malicious graphite font. This leads to a potentially exploitable crash when the font is loaded. Tyson Smith used the Address Sanitizer tool in concert with a custom software fuzzer to find a series of uninitialized memory, out-of-bounds read, and out-of-bounds write errors when working with fuzzed graphite fonts. To address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been updated to Graphite 2 version 1.3.6. |
CVE-2016-2794
|
| VCID-yrhc-hchg-7kf3 | Security researcher Holger Fuhrmannek and Mozilla security engineer Tyson Smith reported a number of security vulnerabilities in the Graphite 2 library affecting version 1.3.5. The issue reported by Holger Fuhrmannek is a mechanism to induce stack corruption with a malicious graphite font. This leads to a potentially exploitable crash when the font is loaded. Tyson Smith used the Address Sanitizer tool in concert with a custom software fuzzer to find a series of uninitialized memory, out-of-bounds read, and out-of-bounds write errors when working with fuzzed graphite fonts. To address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been updated to Graphite 2 version 1.3.6. |
CVE-2016-2796
|