ALAS-2017-872 ---- graphite2ID: oval:org.secpod.oval:def:1600751 | Date: (C)2020-11-27 (M)2023-12-20 |
Class: PATCH | Family: unix |
Vulnerabilities in the Graphite 2 library A heap-based buffer overflow flaw related to lz4::decompress has been reported in graphite2. An attacker could exploit this issue to cause a crash or, possibly, execute arbitrary code. Heap-buffer-overflow write "lz4::decompress" A heap-based buffer overflow flaw related to lz4::decompress has been reported in graphite2. An attacker could exploit this issue to cause a crash or, possibly, execute arbitrary code. Out of bounds read in "graphite2::Pass::readPass":An out of bounds read flaw related to graphite2::Pass::readPass has been reported in graphite2. An attacker could possibly exploit this flaw to disclose potentially sensitive memory or cause an application crash. Heap-buffer-overflow read "graphite2::Silf::getClassGlyph"An out of bounds read flaw related to graphite2::Silf::getClassGlyph has been reported in graphite2. An attacker could possibly exploit this flaw to disclose potentially sensitive memory or cause an application crash.Use of uninitialized memory "graphite2::GlyphCache::Loader::read_glyph":The use of uninitialized memory related to graphite2::GlyphCache::Loader::read_glyph has been reported in graphite2. An attacker could possibly exploit this flaw to negatively impact the execution of an application using graphite2 in unknown ways. Out of bounds read "graphite2::Silf::readGraphite"An out of bounds read flaw related to graphite2::Silf::readGraphite has been reported in graphite2. An attacker could possibly exploit this flaw to disclose potentially sensitive memory or cause an application crash. Assertion error "size
Platform: |
Amazon Linux AMI |