{"id":"CVE-2017-5465","details":"An out-of-bounds read while processing SVG content in \"ConvolvePixel\". This results in a crash and also allows for otherwise inaccessible memory being copied into SVG graphic content, which could then displayed. This vulnerability affects Thunderbird \u003c 52.1, Firefox ESR \u003c 45.9, Firefox ESR \u003c 52.1, and Firefox \u003c 53.","modified":"2026-04-16T06:18:54.395353887Z","published":"2018-06-11T21:29:07.250Z","related":["SUSE-SU-2017:1175-1","SUSE-SU-2017:1248-1","SUSE-SU-2017:1669-1","SUSE-SU-2017:2235-1","openSUSE-SU-2017:1268-1","openSUSE-SU-2024:10600-1","openSUSE-SU-2024:10601-1","openSUSE-SU-2024:14572-1"],"references":[{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2017:1104"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2017:1106"},{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2017-10/"},{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2017-11/"},{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2017-12/"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/97940"},{"type":"ADVISORY","url":"http://www.securitytracker.com/id/1038320"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2017:1201"},{"type":"ADVISORY","url":"https://www.debian.org/security/2017/dsa-3831"},{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2017-13/"},{"type":"FIX","url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1347617"},{"type":"EVIDENCE","url":"https://www.exploit-db.com/exploits/42072/"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"8.0"}]},{"events":[{"introduced":"0"},{"last_affected":"6.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]},{"events":[{"introduced":"0"},{"last_affected":"6.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]},{"events":[{"introduced":"0"},{"last_affected":"6.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.3"}]},{"events":[{"introduced":"0"},{"last_affected":"7.4"}]},{"events":[{"introduced":"0"},{"last_affected":"7.3"}]},{"events":[{"introduced":"0"},{"last_affected":"7.4"}]},{"events":[{"introduced":"0"},{"last_affected":"7.5"}]},{"events":[{"introduced":"0"},{"last_affected":"6.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]},{"events":[{"introduced":"0"},{"fixed":"45.9.0"}]},{"events":[{"introduced":"0"},{"fixed":"53.0"}]},{"events":[{"introduced":"0"},{"last_affected":"52.0"}]},{"events":[{"introduced":"0"},{"fixed":"52.1.0"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-5465.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"}]}