CVE-2018-6942

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2018-6942

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-6942.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2018-6942

Downstream

ALPINE-CVE-2018-6942

DEBIAN-CVE-2018-6942

SUSE-SU-2020:1353-1

openSUSE-SU-2020:0704-1

openSUSE-SU-2024:10770-1

Related

Published

2018-02-13T05:29:00.267Z

Modified

2025-11-28T03:33:17.572004Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

An issue was discovered in FreeType 2 through 2.9. A NULL pointer dereference in the Ins_GETVARIATION() function within ttinterp.c could lead to DoS via a crafted font file.

References

Affected packages

Git / github.com/aseprite/freetype2

Affected ranges

Type: GIT
Repo: https://github.com/aseprite/freetype2
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Git / cgit.git.savannah.gnu.org/cgit/freetype/freetype2.git

Affected ranges

Type: GIT
Repo: https://cgit.git.savannah.gnu.org/cgit/freetype/freetype2.git
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

29c759284e305ec428703c9a5831d0b1fc3497ef