CVE-2017-7772HIGH
New! CVE Severity Now Using CVSS v3
The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
Description
Heap-based Buffer Overflow in Graphite2 library in Firefox before 54 in lz4::decompress function.
References
https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/
Details
Source: MITRE
Published: 2019-04-12
Updated: 2019-04-15
Type: CWE-119
Risk Information
CVSS v2
Base Score: 6.8
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact Score: 6.4
Exploitability Score: 8.6
Severity: MEDIUM
CVSS v3
Base Score: 8.8
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Impact Score: 5.9
Exploitability Score: 2.8
Severity: HIGH
Vulnerable Software
Configuration 1
OR
Configuration 2
OR
Tenable Plugins
| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 127347 | NewStart CGSL MAIN 4.05 : thunderbird Multiple Vulnerabilities (NS-SA-2019-0110) | Nessus | NewStart CGSL Local Security Checks | critical |
| 127332 | NewStart CGSL MAIN 4.05 : firefox Multiple Vulnerabilities (NS-SA-2019-0103) | Nessus | NewStart CGSL Local Security Checks | critical |
| 106884 | GLSA-201802-03 : Mozilla Firefox: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | critical |
| 104580 | Virtuozzo 7 : graphite2 / graphite2-devel (VZLSA-2017-1793) | Nessus | Virtuozzo Local Security Checks | critical |
| 103848 | GLSA-201710-13 : Graphite: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | critical |
| 102679 | Ubuntu 14.04 LTS / 16.04 LTS / 17.04 : graphite2 vulnerabilities (USN-3398-1) | Nessus | Ubuntu Local Security Checks | critical |
| 102546 | Amazon Linux AMI : graphite2 (ALAS-2017-872) | Nessus | Amazon Linux Local Security Checks | critical |
| 102240 | EulerOS 2.0 SP2 : graphite2 (EulerOS-SA-2017-1153) | Nessus | Huawei Local Security Checks | critical |
| 102239 | EulerOS 2.0 SP1 : graphite2 (EulerOS-SA-2017-1152) | Nessus | Huawei Local Security Checks | critical |
| 101983 | Debian DSA-3918-1 : icedove - security update | Nessus | Debian Local Security Checks | critical |
| 101925 | Scientific Linux Security Update : graphite2 on SL7.x x86_64 (20170721) | Nessus | Scientific Linux Local Security Checks | critical |
| 101907 | CentOS 7 : graphite2 (CESA-2017:1793) | Nessus | CentOS Local Security Checks | critical |
| 101883 | RHEL 7 : graphite2 (RHSA-2017:1793) | Nessus | Red Hat Local Security Checks | critical |
| 101878 | Oracle Linux 7 : graphite2 (ELSA-2017-1793) | Nessus | Oracle Linux Local Security Checks | critical |
| 101855 | EulerOS 2.0 SP2 : firefox (EulerOS-SA-2017-1127) | Nessus | Huawei Local Security Checks | critical |
| 101854 | EulerOS 2.0 SP1 : firefox (EulerOS-SA-2017-1126) | Nessus | Huawei Local Security Checks | critical |
| 101772 | Mozilla Thunderbird < 52.2 Multiple Vulnerabilities | Nessus | Windows | critical |
| 101771 | Mozilla Thunderbird < 52.2 Multiple Vulnerabilities (macOS) | Nessus | MacOS X Local Security Checks | critical |
| 101485 | Virtuozzo 6 : thunderbird (VZLSA-2017-1561) | Nessus | Virtuozzo Local Security Checks | critical |
| 101480 | Virtuozzo 7 : firefox (VZLSA-2017-1440) | Nessus | Virtuozzo Local Security Checks | critical |
| 101261 | Ubuntu 14.04 LTS / 16.04 LTS / 16.10 / 17.04 : thunderbird vulnerabilities (USN-3321-1) | Nessus | Ubuntu Local Security Checks | critical |
| 101238 | Debian DLA-1013-1 : graphite2 security update | Nessus | Debian Local Security Checks | critical |
| 101208 | Debian DLA-1007-1 : icedove/thunderbird security update | Nessus | Debian Local Security Checks | critical |
| 101011 | Debian DSA-3894-1 : graphite2 - security update | Nessus | Debian Local Security Checks | critical |
| 100984 | Scientific Linux Security Update : thunderbird on SL6.x, SL7.x i386/x86_64 (20170621) | Nessus | Scientific Linux Local Security Checks | critical |
| 100978 | Oracle Linux 6 / 7 : thunderbird (ELSA-2017-1561) | Nessus | Oracle Linux Local Security Checks | critical |
| 100965 | CentOS 6 / 7 : thunderbird (CESA-2017:1561) | Nessus | CentOS Local Security Checks | critical |
| 100950 | RHEL 6 / 7 : thunderbird (RHSA-2017:1561) | Nessus | Red Hat Local Security Checks | critical |
| 100885 | openSUSE Security Update : Mozilla based packages (openSUSE-2017-712) | Nessus | SuSE Local Security Checks | critical |
| 100851 | Debian DLA-991-1 : firefox-esr security update | Nessus | Debian Local Security Checks | critical |
| 100835 | Ubuntu 14.04 LTS / 16.04 LTS / 16.10 / 17.04 : firefox vulnerabilities (USN-3315-1) | Nessus | Ubuntu Local Security Checks | critical |
| 100815 | CentOS 6 / 7 : firefox (CESA-2017:1440) | Nessus | CentOS Local Security Checks | critical |
| 100810 | Mozilla Firefox < 54 Multiple Vulnerabilities | Nessus | Windows | critical |
| 100809 | Mozilla Firefox ESR < 52.2 Multiple Vulnerabilities | Nessus | Windows | critical |
| 100808 | Mozilla Firefox < 54 Multiple Vulnerabilities (macOS) | Nessus | MacOS X Local Security Checks | critical |
| 100807 | Mozilla Firefox ESR < 52.2 Multiple Vulnerabilities (macOS) | Nessus | MacOS X Local Security Checks | critical |
| 100802 | Scientific Linux Security Update : firefox on SL6.x, SL7.x i386/x86_64 (20170614) | Nessus | Scientific Linux Local Security Checks | critical |
| 100801 | RHEL 6 / 7 : firefox (RHSA-2017:1440) | Nessus | Red Hat Local Security Checks | critical |
| 100800 | Oracle Linux 6 / 7 : firefox (ELSA-2017-1440) | Nessus | Oracle Linux Local Security Checks | critical |
| 100797 | Debian DSA-3881-1 : firefox-esr - security update | Nessus | Debian Local Security Checks | critical |
| 700134 | Mozilla Firefox < 54 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | high |