Denial of Service Vulnerability in Cairo by FreeDesktop
CVE-2017-7475

5.5MEDIUM

Key Information:

Vendor
Red Hat
Status
Cairo
Vendor
CVE Published:
19 May 2017

Summary

Cairo version 1.15.4 is impacted by a vulnerability that allows an attacker to exploit a NULL pointer dereference, specifically during the operations of FT_Load_Glyph and FT_Render_Glyph. This could lead to a denial of service condition, causing the application to crash unexpectedly. Users of this version are advised to apply necessary updates and security patches to mitigate this issue.

Affected Version(s)

Cairo 1.15.4

References

https://bugs.freedesktop.org/show_bug.cgi?id=100763
x_refsource_MISC
http://seclists.org/oss-sec/2017/q2/151
mailing-listx_refsource_MLIST
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7475
x_refsource_MISC

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.