CVE-2018-7999

Published: Mar 9, 2018Modified: Nov 21, 2024

8.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

In libgraphite2 in graphite2 1.3.11, a NULL pointer dereference vulnerability was found in Segment.cpp during a dumbRendering operation, which may allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .ttf file.

Affected (1)

Products: Sil: Graphite2

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Sil Graphite2	Version 1.3.11

Related CWEs

NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

References (8)

https://github.com/silnrsi/graphite/commit/db132b4731a9b4c9534144ba3a18e65b390e9ff6

Source: cve@mitre.org

Patch

https://github.com/silnrsi/graphite/issues/22

Source: cve@mitre.org

ExploitThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5F3CK2IPXFCLQZEBEEXONWIABN2E7H2/

Source: cve@mitre.org

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LVWOKYZZDEMG6VSG53KAGUOHUIIQ7CND/

Source: cve@mitre.org

https://github.com/silnrsi/graphite/commit/db132b4731a9b4c9534144ba3a18e65b390e9ff6

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://github.com/silnrsi/graphite/issues/22

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5F3CK2IPXFCLQZEBEEXONWIABN2E7H2/

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LVWOKYZZDEMG6VSG53KAGUOHUIIQ7CND/

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.