CVE-2018-7999
Published: 09 March 2018
In libgraphite2 in graphite2 1.3.11, a NULL pointer dereference vulnerability was found in Segment.cpp during a dumbRendering operation, which may allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .ttf file.
Priority
CVSS 3 base score: 8.8
Status
Package | Release | Status |
---|---|---|
graphite2 Launchpad, Ubuntu, Debian |
Upstream |
Released
(1.3.11-2)
|
Ubuntu 20.10 (Groovy Gorilla) |
Not vulnerable
(1.3.11-2)
|
|
Ubuntu 20.04 LTS (Focal Fossa) |
Not vulnerable
(1.3.11-2)
|
|
Ubuntu 18.04 LTS (Bionic Beaver) |
Not vulnerable
(1.3.11-2)
|
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Needed
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Needed
|
|
Patches: Upstream: https://github.com/silnrsi/graphite/commit/db132b4731a9b4c9534144ba3a18e65b390e9ff6 |