View at Official suse advisory, NVD, CVE.org · CVE detail
Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.
CVE-2017-5436 severity moderate: SUSE including 420 source package names (MozillaFirefox, MozillaFirefox-102.11.0-150200.152.87.1, …), 855 product×package rows across 103 product lines (Image SLES12-SP5-Azure-BYOS, Image SLES12-SP5-Azure-Basic-On-Demand, … (103 product lines)): Fixed 590, Known Affected 231, Known Not Affected 34.
An out-of-bounds write in the Graphite 2 library triggered with a maliciously crafted Graphite font. This results in a potentially exploitable crash. This issue was fixed in the Graphite 2 library as well as Mozilla products. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.