Vulnerability Description
In libgraphite2 in graphite2 1.3.11, a NULL pointer dereference vulnerability was found in Segment.cpp during a dumbRendering operation, which may allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .ttf file.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sil | Graphite2 | 1.3.11 |
Related Weaknesses (CWE)
References
- https://github.com/silnrsi/graphite/commit/db132b4731a9b4c9534144ba3a18e65b390e9Patch
- https://github.com/silnrsi/graphite/issues/22ExploitThird Party Advisory
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://github.com/silnrsi/graphite/commit/db132b4731a9b4c9534144ba3a18e65b390e9Patch
- https://github.com/silnrsi/graphite/issues/22ExploitThird Party Advisory
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
FAQ
What is CVE-2018-7999?
CVE-2018-7999 is a vulnerability with a CVSS score of 8.8 (HIGH). In libgraphite2 in graphite2 1.3.11, a NULL pointer dereference vulnerability was found in Segment.cpp during a dumbRendering operation, which may allow attackers to cause a denial of service or possi...
How severe is CVE-2018-7999?
CVE-2018-7999 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-7999?
Check the references section above for vendor advisories and patch information. Affected products include: Sil Graphite2.