View at Official ubuntu advisory, NVD, CVE.org · CVE detail
Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.
CVE-2017-7778 medium priority: Ubuntu including 3 source packages (firefox, graphite2, thunderbird), 15 status rows across 5 suites (trusty, upstream, xenial, yakkety, zesty): released 14, ignored 1.
A number of security vulnerabilities in the Graphite 2 library including out-of-bounds reads, buffer overflow reads and writes, and the use of uninitialized memory. These issues were addressed in Graphite 2 version 1.3.10. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.