CVE-2017-7475 — NULL Pointer Dereference in Cairo

CWE-476 — NULL Pointer Dereference10 documents6 sources

Severity

5.5MEDIUMNVD

EPSS

0.3%

top 48.41%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cairographics Cairo RED HAT INC Cairo Debian Cairo

Timeline

PublishedMay 19

Latest updateNov 15

Description

Cairo version 1.15.4 is vulnerable to a NULL pointer dereference related to the FT_Load_Glyph and FT_Render_Glyph resulting in an application crash.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages4 packages

▶RubyGemscairographics/cairo1.15.4 — 1.15.5

▶debiandebian/cairo

▶CVEListV5red_hat_inc/cairo1.15.4

▶NVDcairographics/cairo1.15.4

Patches

Patch: bugs.freedesktop.org ↗Patch: bugs.freedesktop.org ↗

🔴Vulnerability Details

OSV

cairo is vulnerable to denial of service due to a null pointer dereference↗2017-11-15

▶

GHSA

cairo is vulnerable to denial of service due to a null pointer dereference↗2017-11-15

▶

OSV

CVE-2017-7475: Cairo version 1↗2017-05-19

▶

📋Vendor Advisories

Red Hat

cairo: NULL pointer dereference with a crafted font file↗2017-04-23

▶

Debian

CVE-2017-7475: cairo - Cairo version 1.15.4 is vulnerable to a NULL pointer dereference related to the ...↗2017

▶

💬Community

Bugzilla

CVE-2017-7475 cairo: NULL pointer dereference with a crafted font file [fedora-all]↗2017-05-04

▶

Bugzilla

CVE-2017-7475 cairo: NULL pointer dereference with a crafted font file↗2017-05-04

▶

Bugzilla

CVE-2017-7475 mingw-cairo: cairo: NULL pointer dereference with a crafted font file [fedora-all]↗2017-05-04

▶

Bugzilla

CVE-2017-7475 mingw-cairo: cairo: NULL pointer dereference with a crafted font file [epel-all]↗2017-05-04

▶