The vulnerability of the Graphite 2 rendering software, as well as the Firefox and Firefox ESR browsers, allows a hacker to trigger a service failure or execute arbitrary code.

The vulnerability of the Machine::Code::decoder::analysis::setref function in the Graphite rendering software, used by browsers Firefox and Firefox ESR, arises due to buffer overflow. Exploiting this vulnerability allows a malicious actor to execute arbitrary code or cause a service failure memor...