NULL Pointer Dereference in graphite2

Do your applications use this vulnerable package? Test your applications

Overview

In libgraphite2 in graphite2 1.3.11, a NULL pointer dereference vulnerability was found in Segment.cpp during a dumbRendering operation, which may allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .ttf file.

References

Debian Security Tracker
Fedora Security Update
Fedora Security Update
GitHub Commit
GitHub Issue
Ubuntu CVE Tracker

Attack Vector

Network
Attack Complexity

Low
Privileges Required

None
User Interaction

Required
Scope

Unchanged
Confidentiality

High
Integrity

High
Availability

High

CVE: CVE-2018-7999
CWE: CWE-476
Snyk ID: SNYK-DEBIAN9-GRAPHITE2-339766
Disclosed: 09 Mar, 2018
Published: 09 Mar, 2018

NULL Pointer Dereference
Affecting graphite2 package, versions *

Overview

References

CVSS Score

NULL Pointer Dereference Affecting graphite2 package, versions *

Overview

References

NULL Pointer Dereference
Affecting graphite2 package, versions *