CVE-2019-19308

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2019-19308
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-19308.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2019-19308
Downstream
Published
2019-11-27T15:15:11.230Z
Modified
2025-11-14T09:26:32.604169Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

In texttoglyphs in sushi-font-widget.c in gnome-font-viewer 3.34.0, there is a NULL pointer dereference while parsing a TTF font file that lacks a name section (due to a g_strconcat call that returns NULL).

References

Affected packages

Git / github.com/gnome/gnome-font-viewer

Affected ranges

Type
GIT
Repo
https://github.com/gnome/gnome-font-viewer
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
f8c6054ea0c0a9586e1a5c0e6460a4c0168c38af

Affected versions

3.*

3.10.0
3.12.0
3.13.90
3.14.0
3.15.90
3.16.0
3.16.2
3.20.0
3.20.2
3.22.0
3.23.91
3.24.0
3.25.90
3.26.0
3.27.0
3.27.90
3.28.0
3.3.2
3.3.2.1
3.3.92
3.30.0
3.32.0
3.33.4
3.33.90
3.34.0
3.4.0
3.5.1
3.5.2
3.5.3
3.5.4
3.5.90
3.5.91
3.5.92
3.6.0
3.7.3
3.7.4
3.7.5
3.7.91
3.8.0
3.9.90

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-19308.json"