CVE-2018-7999
published 2018-03-09CVE-2018-7999: In libgraphite2 in graphite2 1.3.11, a NULL pointer dereference vulnerability was found in Segment.cpp during a dumbRendering operation, which may allow…
high8.8CVSS 3.0
AVNACLPRNUIRSUCHIHAH
In libgraphite2 in graphite2 1.3.11, a NULL pointer dereference vulnerability was found in Segment.cpp during a dumbRendering operation, which may allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .ttf file.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | graphite2 | < graphite2 1.3.11-2 (bookworm) | graphite2 1.3.11-2 (bookworm) |
| sil | graphite2 | — | — |
| sil | graphite2 | >= 0 < 1.3.11-2 | 1.3.11-2 |
| sil | graphite2 | >= 0 < 1.3.11-2 | 1.3.11-2 |
| sil | graphite2 | >= 0 < 1.3.11-2 | 1.3.11-2 |
| sil | graphite2 | >= 0 < 1.3.11-2 | 1.3.11-2 |
CVSS provenance
nvdv3.08.8HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
osv8.8HIGH