EPSS
Percentile
81.7%
A heap-based buffer overflow flaw related to “lz4::decompress” has been reported in graphite2. An attacker could exploit this issue to cause a crash or, possibly, execute arbitrary code.
bugzilla.redhat.com/show_bug.cgi?id=1472213
sourceforge.net/p/silgraphite/mailman/message/35824024/ https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7778