CVE-2018-6942
Published: 13 February 2018
An issue was discovered in FreeType 2 through 2.9. A NULL pointer dereference in the Ins_GETVARIATION() function within ttinterp.c could lead to DoS via a crafted font file.
Priority
Medium
CVSS 3 base score: 6.5
Status
| Package | Release | Status |
|---|---|---|
|
freetype Launchpad, Ubuntu, Debian |
Upstream |
Needs triage
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Not vulnerable
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Not vulnerable
|
|
|
Patches: Upstream: https://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=29c759284e305ec428703c9a5831d0b1fc3497ef |
||
Notes
| Author | Note |
|---|---|
| leosilva | for precise/esm, trusty and xenial code affected is not present. |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6942
- https://usn.ubuntu.com/usn/usn-3572-1
- NVD
- Launchpad
- Debian