cairo NULL pointer dereference
Published: November 15, 2017
SECURITY IDENTIFIERS
- CVE: CVE-2017-7475 (NVD)
- GHSA: GHSA-5v3f-73gv-x7x5
- Vendor Advisory: https://bugs.freedesktop.org/show_bug.cgi?id=100763
GEM
SEVERITY
CVSS v3.x: 5.5 (Medium)
PATCHED VERSIONS
>= 1.15.5
DESCRIPTION
Cairo version 1.15.4 is vulnerable to a NULL pointer dereference related to the FT_Load_Glyph and FT_Render_Glyph resulting in an application crash.