A heap-based buffer overflow flaw related to "lz4::decompress" has been reported in graphite2. A remote attacker could exploit this issue to cause a crash, or, possibly, execute arbitrary code.
Acknowledgments:
Name: the Mozilla project
Upstream: Holger Fuhrmannek, Tyson Smith
External References:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7778
https://sourceforge.net/p/silgraphite/mailman/message/35824024/
This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Via RHSA-2017:1793 https://access.redhat.com/errata/RHSA-2017:1793