Candidate: CVE-2018-7999
PublicDate: 2018-03-09 19:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7999
Description:
 In libgraphite2 in graphite2 1.3.11, a NULL pointer dereference
 vulnerability was found in Segment.cpp during a dumbRendering operation,
 which may allow attackers to cause a denial of service or possibly have
 unspecified other impact via a crafted .ttf file.
Ubuntu-Description:
Notes:
Bugs:
 https://github.com/silnrsi/graphite/issues/22
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892590
Priority: low
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H [8.8 HIGH]

Patches_graphite2:
 upstream: https://github.com/silnrsi/graphite/commit/db132b4731a9b4c9534144ba3a18e65b390e9ff6
upstream_graphite2: released (1.3.11-2)
precise/esm_graphite2: DNE
trusty_graphite2: ignored (reached end-of-life)
trusty/esm_graphite2: needed
xenial_graphite2: ignored (end of standard support, was needed)
esm-infra/xenial_graphite2: needed
artful_graphite2: ignored (reached end-of-life)
bionic_graphite2: not-affected (1.3.11-2)
cosmic_graphite2: not-affected (1.3.11-2)
disco_graphite2: not-affected (1.3.11-2)
eoan_graphite2: not-affected (1.3.11-2)
focal_graphite2: not-affected (1.3.11-2)
groovy_graphite2: not-affected (1.3.11-2)
hirsute_graphite2: not-affected (1.3.11-2)
impish_graphite2: not-affected (1.3.11-2)
jammy_graphite2: not-affected (1.3.11-2)
devel_graphite2: not-affected (1.3.11-2)