CVE-2018-7999

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2018-7999
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-7999.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2018-7999
Downstream
Related
Published
2018-03-09T19:29:01Z
Modified
2025-10-15T10:01:59.342280Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

In libgraphite2 in graphite2 1.3.11, a NULL pointer dereference vulnerability was found in Segment.cpp during a dumbRendering operation, which may allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .ttf file.

References

Affected packages

Git / github.com/silnrsi/graphite

Affected ranges

Type
GIT
Repo
https://github.com/silnrsi/graphite
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
db132b4731a9b4c9534144ba3a18e65b390e9ff6

Affected versions

0.*

0.9.3
0.9.4

1.*

1.0.1
1.0.2
1.0.3
1.1.0
1.1.1
1.1.2
1.1.3
1.2.0
1.2.1
1.2.2
1.2.3
1.2.4
1.3.0
1.3.1
1.3.10
1.3.11
1.3.2
1.3.3
1.3.4
1.3.5
1.3.6
1.3.7
1.3.8
1.3.9

Release_0.*

Release_0.9

Other

base
coll_1

collisions.*

collisions.phase1

r0.*

r0.9.1

Database specific

vanir_signatures

[
    {
        "signature_version": "v1",
        "source": "https://github.com/silnrsi/graphite/commit/db132b4731a9b4c9534144ba3a18e65b390e9ff6",
        "target": {
            "file": "tests/featuremap/featuremaptest.cpp"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "45557804330112046761840796692454864598",
                "339239018738548870102538661265004218891",
                "152040904895986181998920027212731980530",
                "291683047199427433342248253360731718999",
                "126540224544259403410868431026653987212",
                "261298566923864928008557259256889831622",
                "215327211298809200722909396146534392104",
                "121574412151751337347507175834722986430",
                "167091881635065104927793652366277608040",
                "253642130054201179736793167461914205723"
            ]
        },
        "deprecated": false,
        "signature_type": "Line",
        "id": "CVE-2018-7999-01468328"
    },
    {
        "signature_version": "v1",
        "source": "https://github.com/silnrsi/graphite/commit/db132b4731a9b4c9534144ba3a18e65b390e9ff6",
        "target": {
            "function": "testFeatTable",
            "file": "tests/featuremap/featuremaptest.cpp"
        },
        "digest": {
            "length": 1356.0,
            "function_hash": "108597234644767815894671441731655332689"
        },
        "deprecated": false,
        "signature_type": "Function",
        "id": "CVE-2018-7999-0832d1e8"
    },
    {
        "signature_version": "v1",
        "source": "https://github.com/silnrsi/graphite/commit/db132b4731a9b4c9534144ba3a18e65b390e9ff6",
        "target": {
            "function": "main",
            "file": "tests/featuremap/featuremaptest.cpp"
        },
        "digest": {
            "length": 1007.0,
            "function_hash": "216919122123104148674563499779955617193"
        },
        "deprecated": false,
        "signature_type": "Function",
        "id": "CVE-2018-7999-31548286"
    },
    {
        "signature_version": "v1",
        "source": "https://github.com/silnrsi/graphite/commit/db132b4731a9b4c9534144ba3a18e65b390e9ff6",
        "target": {
            "file": "src/GlyphCache.cpp"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "334062415643696823882316288577106239227",
                "127201139803681889131979069112569570696",
                "190728065589702630015231712240024865109",
                "70109324256403703654129579161646595351",
                "311779508091618762820654303223350044363",
                "82166284561319387915770899776774225878",
                "330829501878671188141890031155160452488",
                "297636526702711338340751636689491850315",
                "325562640795725128506136305343437260502",
                "97986208586701945480199379797962191603",
                "162963097245151190387066213899488170467",
                "205014534579342182634814275731878925068",
                "241923456941726239757221930631797694712",
                "222513538992213739764098995166101130827",
                "242318612881214756335448478736279034889",
                "171300955207710975085364474203435395712",
                "267772929082105770168540915619118674661",
                "212669749554773041065288492700919737623",
                "257257908836840846543442350385388619553",
                "150500972363232610425351126255434123034",
                "142224243898445121043699770568226955793",
                "120496588362375487911580373494738747948",
                "338419973524791075822005230482667064149",
                "314070159263813569634815857726353979208",
                "72700231439647197352191774177008302162",
                "83126960289791941670281134914286553619",
                "166933924848274934421013037443544914471",
                "221600622074035549595875079325659646198",
                "220618579343759157786880081206306566798",
                "129452049395039084251070502460320089419",
                "9710714968838126257488498433188622426",
                "221204819452155068906009977520236567605",
                "197127634459484376222398235031871685760",
                "136618777964637002089955160269762742358",
                "45501315079209187832419343884122030135",
                "172175619060715960909957133325915318188",
                "327929133658926759743973942042390301987",
                "142224243898445121043699770568226955793",
                "228487487311729480589956945187638714661",
                "52938752016006738812178803520588706470",
                "251194844416855327342102782815179344223",
                "21736036505259992513262387377296751984",
                "25152069255254156867797045740509745183",
                "237632241453023744343712777103314509870",
                "254076563978637018675305449771729348597",
                "142224243898445121043699770568226955793",
                "256977729456296570686249715492666707865",
                "141046010674041699873150124657601800199",
                "26866495015336732833132396267341482743",
                "155835325574715666237126651149120168204",
                "289309059710403643869983977346532083196",
                "124952542586097766228895330775862259578",
                "267443521865850401935375897209294033453",
                "88867028978206412487333622656225202154",
                "297590935049630755682587645076629276357"
            ]
        },
        "deprecated": false,
        "signature_type": "Line",
        "id": "CVE-2018-7999-8f192d3a"
    },
    {
        "signature_version": "v1",
        "source": "https://github.com/silnrsi/graphite/commit/db132b4731a9b4c9534144ba3a18e65b390e9ff6",
        "target": {
            "function": "load_face",
            "file": "src/gr_face.cpp"
        },
        "digest": {
            "length": 719.0,
            "function_hash": "307411655888743508469966523113602585698"
        },
        "deprecated": false,
        "signature_type": "Function",
        "id": "CVE-2018-7999-b68d03c5"
    },
    {
        "signature_version": "v1",
        "source": "https://github.com/silnrsi/graphite/commit/db132b4731a9b4c9534144ba3a18e65b390e9ff6",
        "target": {
            "file": "src/gr_face.cpp"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "324085292745864858413845006120228105392",
                "64289261119347629752183118692159840268",
                "153403286026350317772752254672700992130",
                "207844330641512114286149766923689789989",
                "336815949864766228463630708706295272178",
                "239768003249562939556796827973429678109",
                "72093917100817861335729598121975324112",
                "71190239384934586894893868770422492488",
                "38297929771115387896504626829155534756"
            ]
        },
        "deprecated": false,
        "signature_type": "Line",
        "id": "CVE-2018-7999-bf590603"
    },
    {
        "signature_version": "v1",
        "source": "https://github.com/silnrsi/graphite/commit/db132b4731a9b4c9534144ba3a18e65b390e9ff6",
        "target": {
            "function": "GlyphCache::Loader::Loader",
            "file": "src/GlyphCache.cpp"
        },
        "digest": {
            "length": 1874.0,
            "function_hash": "224679238210590111996118478292487253959"
        },
        "deprecated": false,
        "signature_type": "Function",
        "id": "CVE-2018-7999-dcf7fb45"
    }
]