
Update Graphite 2 from 1.3.9 to 1.3.10 #406

Merged 1 commit on Jun 19, 2017


Collaborator

pmenzel commented Jun 15, 2017

No description provided.

Update the program to version 1.3.10, which is a bugfix release [1]. It
was released May 5th, 2017.

> This release consists only of bug fixes and one minor change to the
> build flags on Intel. The bug fixes are highly recommended and make no
> functional changes to the library.

The Mozilla Foundation Security Advisory (MFSA) 2017-16 gives
more information [3].

> A number of security vulnerabilities in the Graphite 2 library
> including out-of-bounds reads, buffer overflow reads and writes, and
> the use of uninitialized memory. These issues were addressed in
> Graphite 2 version 1.3.10.
>
> ### References ###
>
> *   Graphite2 lz4::decompress out of bounds write (CVE-2017-7778)
> *   Graphite2 out of bounds read [@ graphite2::Pass::readPass]
>     (CVE-2017-7771)
> *   Graphite2 heap-buffer-overflow write [@ lz4::decompress]
>     (CVE-2017-7772)
> *   Graphite2 heap-buffer-overflow write [@ lz4::decompress]
>     src/Decompressor (CVE-2017-7773)
> *   Graphite2 out of bounds read [@ graphite2::Silf::readGraphite]
>     (CVE-2017-7774)
> *   Graphite2 Assertion 'size() > n' failed (CVE-2017-7775)
> *   Graphite2 heap-buffer-overflow read [@
>     graphite2::Silf::getClassGlyph] (CVE-2017-7776)
> *   Graphite2 use of uninitialized memory [@
>     graphite2::GlyphCache::Loader::read_glyph] (CVE-2017-7777)

[1] https://github.com/silnrsi/graphite/releases/
Collaborator Author

pmenzel commented Jun 19, 2017

Please review and accept.

david merged commit aa51335 into master Jun 19, 2017
donald deleted the update-graphite-from-1.3.9-to-1.3.10 branch June 27, 2017 13:52