In libgraphite2 in graphite2 1.3.11, a NULL pointer dereference vulnerability was found in Segment.cpp during a dumbRendering operation, which may allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .ttf file.
{ "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro", "ubuntu_priority": "low", "binaries": [ { "libgraphite2-3": "1.3.10-0ubuntu0.16.04.1+esm1", "libgraphite2-3-dbgsym": "1.3.10-0ubuntu0.16.04.1+esm1", "libgraphite2-doc": "1.3.10-0ubuntu0.16.04.1+esm1", "libgraphite2-dev": "1.3.10-0ubuntu0.16.04.1+esm1" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "low", "binaries": [ { "libgraphite2-3": "1.3.11-2", "libgraphite2-3-dbgsym": "1.3.11-2", "libgraphite2-doc": "1.3.11-2", "libgraphite2-utils-dbgsym": "1.3.11-2", "libgraphite2-dev": "1.3.11-2", "libgraphite2-utils": "1.3.11-2" } ] }