Holger Fuhrmannek and Tyson Smith discovered that graphite2 incorrectly handled certain malformed fonts. If a user or automated system were tricked into opening a specially-crafted font file, a remote attacker could use this issue to cause graphite2 to crash, resulting in a denial of service, or possibly execute arbitrary code.
{ "binaries": [ { "binary_name": "libgraphite2-3", "binary_version": "1.3.10-0ubuntu0.14.04.1" }, { "binary_name": "libgraphite2-dev", "binary_version": "1.3.10-0ubuntu0.14.04.1" } ], "availability": "No subscription required" }
{ "ecosystem": "Ubuntu:14.04:LTS", "cves": [ { "severity": [ { "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "type": "CVSS_V3" }, { "score": "medium", "type": "Ubuntu" } ], "id": "CVE-2017-7771" }, { "severity": [ { "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "type": "CVSS_V3" }, { "score": "medium", "type": "Ubuntu" } ], "id": "CVE-2017-7772" }, { "severity": [ { "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "type": "CVSS_V3" }, { "score": "medium", "type": "Ubuntu" } ], "id": "CVE-2017-7773" }, { "severity": [ { "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "type": "CVSS_V3" }, { "score": "medium", "type": "Ubuntu" } ], "id": "CVE-2017-7774" }, { "severity": [ { "score": "medium", "type": "Ubuntu" } ], "id": "CVE-2017-7775" }, { "severity": [ { "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "type": "CVSS_V3" }, { "score": "medium", "type": "Ubuntu" } ], "id": "CVE-2017-7776" }, { "severity": [ { "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "type": "CVSS_V3" }, { "score": "medium", "type": "Ubuntu" } ], "id": "CVE-2017-7777" }, { "severity": [ { "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" }, { "score": "medium", "type": "Ubuntu" } ], "id": "CVE-2017-7778" } ] }
{ "binaries": [ { "binary_name": "libgraphite2-3", "binary_version": "1.3.10-0ubuntu0.16.04.1" }, { "binary_name": "libgraphite2-dev", "binary_version": "1.3.10-0ubuntu0.16.04.1" } ], "availability": "No subscription required" }
{ "ecosystem": "Ubuntu:16.04:LTS", "cves": [ { "severity": [ { "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "type": "CVSS_V3" }, { "score": "medium", "type": "Ubuntu" } ], "id": "CVE-2017-7771" }, { "severity": [ { "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "type": "CVSS_V3" }, { "score": "medium", "type": "Ubuntu" } ], "id": "CVE-2017-7772" }, { "severity": [ { "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "type": "CVSS_V3" }, { "score": "medium", "type": "Ubuntu" } ], "id": "CVE-2017-7773" }, { "severity": [ { "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "type": "CVSS_V3" }, { "score": "medium", "type": "Ubuntu" } ], "id": "CVE-2017-7774" }, { "severity": [ { "score": "medium", "type": "Ubuntu" } ], "id": "CVE-2017-7775" }, { "severity": [ { "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "type": "CVSS_V3" }, { "score": "medium", "type": "Ubuntu" } ], "id": "CVE-2017-7776" }, { "severity": [ { "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "type": "CVSS_V3" }, { "score": "medium", "type": "Ubuntu" } ], "id": "CVE-2017-7777" }, { "severity": [ { "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" }, { "score": "medium", "type": "Ubuntu" } ], "id": "CVE-2017-7778" } ] }