A heap-based buffer overflow flaw related to "lz4::decompress" has been reported in graphite2. A remote attacker could exploit this issue to cause a crash, or, possibly, execute arbitrary code.
Name: the Mozilla project
Upstream: Holger Fuhrmannek, Tyson Smith
This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Via RHSA-2017:1793 https://access.redhat.com/errata/RHSA-2017:1793