Out-of-bounds write in the Graphite 2 library when processing a malicious font, leading to a crash
Description
An out-of-bounds write vulnerability has been found in the Graphite 2 library; it can be triggered by a maliciously crafted Graphite font. This results in a potentially exploitable crash. The issue has been fixed in the Graphite 2 library as well as in Mozilla products.
Affected software versions
- Thunderbird versions before 52.1
- Firefox ESR versions before 45.9 and before 52.1
- Firefox versions before 53
Vulnerability type
- Out-of-bounds write
- Possible DoS attack
- CVSS3: 8.8 High
- CVSS2: 6.8 Medium