CVE-2018-7999 — NULL Pointer Dereference in Graphite2

CWE-476 — NULL Pointer Dereference9 documents8 sources

Severity

8.8HIGHNVD

EPSS

0.2%

top 57.30%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SIL Graphite2

Timeline

PublishedMar 9

Latest updateOct 5

Description

In libgraphite2 in graphite2 1.3.11, a NULL pointer dereference vulnerability was found in Segment.cpp during a dumbRendering operation, which may allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .ttf file.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶Debiansil/graphite2< 1.3.11-2+3

▶NVDsil/graphite21.3.11

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-7p2q-34x4-g48j: In libgraphite2 in graphite2 1↗2022-05-14

▶

CVEList

CVE-2018-7999: In libgraphite2 in graphite2 1↗2018-03-09

▶

OSV

CVE-2018-7999: In libgraphite2 in graphite2 1↗2018-03-09

▶

📋Vendor Advisories

Ubuntu

Graphite2 vulnerability↗2022-10-05

▶

Red Hat

graphite2: NULL pointer dereference in Segment.cpp in libgraphite2↗2018-03-05

▶

Debian

CVE-2018-7999: graphite2 - In libgraphite2 in graphite2 1.3.11, a NULL pointer dereference vulnerability wa...↗2018

▶

💬Community

Bugzilla

CVE-2018-7999 graphite2: NULL pointer dereference in Segment.cpp in libgraphite2↗2018-03-12

▶

Bugzilla

CVE-2018-7999 graphite2: NULL pointer dereference in Segment.cpp in libgraphite2 [fedora-all]↗2018-03-12

▶