CVE-2018-6942NULL Pointer Dereference in Freetype

CWE-476NULL Pointer Dereference10 documents7 sources
Severity
6.5MEDIUMNVD
EPSS
0.2%
top 58.34%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
FreetypeDebian FreetypeCanonical Ubuntu Linux
Timeline
PublishedFeb 13
Latest updateMay 13

Description

An issue was discovered in FreeType 2 through 2.9. A NULL pointer dereference in the Ins_GETVARIATION() function within ttinterp.c could lead to DoS via a crafted font file.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

debiandebian/freetype< freetype 2.9.1-3 (bookworm)
Debianfreetype/freetype< 2.9.1-3+3

Also affects: Ubuntu Linux 17.10

Patches

Patch: git.savannah.gnu.orgPatch: git.savannah.gnu.org

🔴Vulnerability Details

2
GHSA
GHSA-pjfg-6mwr-j367: An issue was discovered in FreeType 2 through 22022-05-13
OSV
CVE-2018-6942: An issue was discovered in FreeType 2 through 22018-02-13

📋Vendor Advisories

3
Ubuntu
FreeType vulnerability2018-02-14
Red Hat
freetype: NULL pointer dereference in the Ins_GETVARIATION() function2018-01-27
Debian
CVE-2018-6942: freetype - An issue was discovered in FreeType 2 through 2.9. A NULL pointer dereference in...2018

💬Community

4
Bugzilla
Cherry-pick recent security bug fixes from upstream FreeType, while waiting for a new release2018-02-15
Bugzilla
CVE-2018-6942 freetype: NULL pointer dereference in the Ins_GETVARIATION() function [fedora-all]2018-02-13
Bugzilla
CVE-2018-6942 freetype: NULL pointer dereference in the Ins_GETVARIATION() function2018-02-13
Bugzilla
CVE-2018-6942 freetype: NULL pointer dereference in the Ins_GETVARIATION() function [fedora-all]2018-02-13
CVE-2018-6942 — NULL Pointer Dereference in Freetype | cvebase