Every CVE whose affected-product data names Sil Graphite2, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (28)
CVE-2017-7778 — CVSS 9.8 (critical): A number of security vulnerabilities in the Graphite 2 library including out-of-bounds reads, buffer overflow reads and writes, and the use…
CVE-2017-7774 — CVSS 9.1 (critical): Out-of-bounds read in Graphite2 Library in Firefox before 54 in graphite2::Silf::readGraphite function.
CVE-2016-1969 — CVSS 8.8 (high): The setAttr function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.6.1, allows remote…
CVE-2016-1977 — CVSS 8.8 (high): The Machine::Code::decoder::analysis::set_ref function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR…
CVE-2016-2790 — CVSS 8.8 (high): The graphite2::TtfUtil::GetTableInfo function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x…
CVE-2016-2791 — CVSS 8.8 (high): The graphite2::GlyphCache::glyph function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before…
CVE-2016-2792 — CVSS 8.8 (high): The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x…
CVE-2016-2793 — CVSS 8.8 (high): CachedCmap.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers…
CVE-2016-2794 — CVSS 8.8 (high): The graphite2::TtfUtil::CmapSubtable12NextCodepoint function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox…
CVE-2016-2795 — CVSS 8.8 (high): The graphite2::FileFace::get_table_fn function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x…
CVE-2016-2796 — CVSS 8.8 (high): Heap-based buffer overflow in the graphite2::vm::Machine::Code::Code function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before…
CVE-2016-2797 — CVSS 8.8 (high): The graphite2::TtfUtil::CmapSubtable12Lookup function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR…
CVE-2016-2798 — CVSS 8.8 (high): The graphite2::GlyphCache::Loader::Loader function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x…
CVE-2016-2799 — CVSS 8.8 (high): Heap-based buffer overflow in the graphite2::Slot::setAttr function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and…
CVE-2016-2800 — CVSS 8.8 (high): The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x…
CVE-2016-2801 — CVSS 8.8 (high): The graphite2::TtfUtil::CmapSubtable12Lookup function in TtfUtil.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and…
CVE-2016-2802 — CVSS 8.8 (high): The graphite2::TtfUtil::CmapSubtable4NextCodepoint function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox…
CVE-2017-5436 — CVSS 8.8 (high): An out-of-bounds write in the Graphite 2 library triggered with a maliciously crafted Graphite font. This results in a potentially…
CVE-2018-7999 — CVSS 8.8 (high): In libgraphite2 in graphite2 1.3.11, a NULL pointer dereference vulnerability was found in Segment.cpp during a dumbRendering operation…
CVE-2016-1522 — CVSS 8.8 (high): Code.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, does not consider…
CVE-2017-7772 — CVSS 8.8 (high): Heap-based Buffer Overflow in Graphite2 library in Firefox before 54 in lz4::decompress function.
CVE-2017-7773 — CVSS 8.8 (high): Heap-based Buffer Overflow write in Graphite2 library in Firefox before 54 in lz4::decompress src/Decompressor.
CVE-2017-7777 — CVSS 8.8 (high): Use of uninitialized memory in Graphite2 library in Firefox before 54 in graphite2::GlyphCache::Loader::read_glyph function.
CVE-2016-1521 — CVSS 8.8 (high): The directrun function in directmachine.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x…
CVE-2017-7771 — CVSS 8.1 (high): Out-of-bounds read in Graphite2 Library in Firefox before 54 in graphite2::Pass::readPass function.
CVE-2017-7776 — CVSS 8.1 (high): Heap-based Buffer Overflow read in Graphite2 library in Firefox before 54 in graphite2::Silf::getClassGlyph.
CVE-2016-1526 — CVSS 8.1 (high): The TtfUtil:LocaLookup function in TtfUtil.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR…
CVE-2016-1523 — CVSS 6.5 (medium): The SillMap::readFace function in FeatureMap.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR…