Medium severity6.5NVD Advisory· Published Feb 13, 2018· Updated Jun 17, 2026
CVE-2018-6942
CVE-2018-6942
Description
An issue was discovered in FreeType 2 through 2.9. A NULL pointer dereference in the Ins_GETVARIATION() function within ttinterp.c could lead to DoS via a crafted font file.
Affected products
5- osv-coords4 versionspkg:rpm/opensuse/freetype2&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/freetype2&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/ft2demos&distro=openSUSE%20Leap%2015.1pkg:rpm/suse/freetype2&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1
< 2.10.1-lp151.4.3.1+ 3 more
- (no CPE)range: < 2.10.1-lp151.4.3.1
- (no CPE)range: < 2.11.0-1.2
- (no CPE)range: < 2.10.1-lp151.4.3.1
- (no CPE)range: < 2.10.1-4.3.1
Patches
Vulnerability mechanics
References
5- git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/nvdPatchThird Party Advisory
- bugs.chromium.org/p/oss-fuzz/issues/detailnvdThird Party Advisory
- usn.ubuntu.com/3572-1/nvdThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2020-05/msg00054.htmlnvd
- www.oracle.com/security-alerts/cpuapr2020.htmlnvd
News mentions
0No linked articles in our index yet.