{"id":"CVE-2018-7999","details":"In libgraphite2 in graphite2 1.3.11, a NULL pointer dereference vulnerability was found in Segment.cpp during a dumbRendering operation, which may allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .ttf file.","modified":"2026-04-16T06:15:24.595344743Z","published":"2018-03-09T19:29:01.133Z","related":["SUSE-SU-2018:0858-1","openSUSE-SU-2024:10820-1"],"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LVWOKYZZDEMG6VSG53KAGUOHUIIQ7CND/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5F3CK2IPXFCLQZEBEEXONWIABN2E7H2/"},{"type":"FIX","url":"https://github.com/silnrsi/graphite/commit/db132b4731a9b4c9534144ba3a18e65b390e9ff6"},{"type":"EVIDENCE","url":"https://github.com/silnrsi/graphite/issues/22"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/silnrsi/graphite","events":[{"introduced":"0"},{"last_affected":"ec0bb4b5f3915867bd33a04459e4a3ff0f3ebb9e"},{"fixed":"db132b4731a9b4c9534144ba3a18e65b390e9ff6"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.3.11"}]}}],"versions":["0.9.3","0.9.4","1.0.1","1.2.1","1.2.2","1.2.3","1.2.4","1.3.0","1.3.1","1.3.11","1.3.2","1.3.3","1.3.4","1.3.5","1.3.6","1.3.7","1.3.8","1.3.9","Release_0.9","base","r0.9.1"],"database_specific":{"vanir_signatures":[{"signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["45557804330112046761840796692454864598","339239018738548870102538661265004218891","152040904895986181998920027212731980530","291683047199427433342248253360731718999","126540224544259403410868431026653987212","261298566923864928008557259256889831622","215327211298809200722909396146534392104","121574412151751337347507175834722986430","167091881635065104927793652366277608040","253642130054201179736793167461914205723"]},"deprecated":false,"target":{"file":"tests/featuremap/featuremaptest.cpp"},"source":"https://github.com/silnrsi/graphite/commit/db132b4731a9b4c9534144ba3a18e65b390e9ff6","signature_type":"Line","id":"CVE-2018-7999-01468328"},{"signature_version":"v1","digest":{"length":1356,"function_hash":"108597234644767815894671441731655332689"},"deprecated":false,"target":{"file":"tests/featuremap/featuremaptest.cpp","function":"testFeatTable"},"source":"https://github.com/silnrsi/graphite/commit/db132b4731a9b4c9534144ba3a18e65b390e9ff6","signature_type":"Function","id":"CVE-2018-7999-0832d1e8"},{"signature_version":"v1","digest":{"length":1007,"function_hash":"216919122123104148674563499779955617193"},"source":"https://github.com/silnrsi/graphite/commit/db132b4731a9b4c9534144ba3a18e65b390e9ff6","target":{"file":"tests/featuremap/featuremaptest.cpp","function":"main"},"deprecated":false,"signature_type":"Function","id":"CVE-2018-7999-31548286"},{"signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["334062415643696823882316288577106239227","127201139803681889131979069112569570696","190728065589702630015231712240024865109","70109324256403703654129579161646595351","311779508091618762820654303223350044363","82166284561319387915770899776774225878","330829501878671188141890031155160452488","297636526702711338340751636689491850315","325562640795725128506136305343437260502","97986208586701945480199379797962191603","162963097245151190387066213899488170467","205014534579342182634814275731878925068","241923456941726239757221930631797694712","222513538992213739764098995166101130827","242318612881214756335448478736279034889","171300955207710975085364474203435395712","267772929082105770168540915619118674661","212669749554773041065288492700919737623","257257908836840846543442350385388619553","150500972363232610425351126255434123034","142224243898445121043699770568226955793","120496588362375487911580373494738747948","338419973524791075822005230482667064149","314070159263813569634815857726353979208","72700231439647197352191774177008302162","83126960289791941670281134914286553619","166933924848274934421013037443544914471","221600622074035549595875079325659646198","220618579343759157786880081206306566798","129452049395039084251070502460320089419","9710714968838126257488498433188622426","221204819452155068906009977520236567605","197127634459484376222398235031871685760","136618777964637002089955160269762742358","45501315079209187832419343884122030135","172175619060715960909957133325915318188","327929133658926759743973942042390301987","142224243898445121043699770568226955793","228487487311729480589956945187638714661","52938752016006738812178803520588706470","251194844416855327342102782815179344223","21736036505259992513262387377296751984","25152069255254156867797045740509745183","237632241453023744343712777103314509870","254076563978637018675305449771729348597","142224243898445121043699770568226955793","256977729456296570686249715492666707865","141046010674041699873150124657601800199","26866495015336732833132396267341482743","155835325574715666237126651149120168204","289309059710403643869983977346532083196","124952542586097766228895330775862259578","267443521865850401935375897209294033453","88867028978206412487333622656225202154","297590935049630755682587645076629276357"]},"deprecated":false,"target":{"file":"src/GlyphCache.cpp"},"source":"https://github.com/silnrsi/graphite/commit/db132b4731a9b4c9534144ba3a18e65b390e9ff6","signature_type":"Line","id":"CVE-2018-7999-8f192d3a"},{"deprecated":false,"signature_version":"v1","source":"https://github.com/silnrsi/graphite/commit/db132b4731a9b4c9534144ba3a18e65b390e9ff6","target":{"file":"src/gr_face.cpp","function":"load_face"},"digest":{"length":719,"function_hash":"307411655888743508469966523113602585698"},"signature_type":"Function","id":"CVE-2018-7999-b68d03c5"},{"signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["324085292745864858413845006120228105392","64289261119347629752183118692159840268","153403286026350317772752254672700992130","207844330641512114286149766923689789989","336815949864766228463630708706295272178","239768003249562939556796827973429678109","72093917100817861335729598121975324112","71190239384934586894893868770422492488","38297929771115387896504626829155534756"]},"deprecated":false,"target":{"file":"src/gr_face.cpp"},"source":"https://github.com/silnrsi/graphite/commit/db132b4731a9b4c9534144ba3a18e65b390e9ff6","signature_type":"Line","id":"CVE-2018-7999-bf590603"},{"deprecated":false,"signature_version":"v1","source":"https://github.com/silnrsi/graphite/commit/db132b4731a9b4c9534144ba3a18e65b390e9ff6","target":{"file":"src/GlyphCache.cpp","function":"GlyphCache::Loader::Loader"},"digest":{"length":1874,"function_hash":"224679238210590111996118478292487253959"},"signature_type":"Function","id":"CVE-2018-7999-dcf7fb45"}],"vanir_signatures_modified":"2026-04-11T08:05:22Z","source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-7999.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}