CVE-2018-6942 (GCVE-0-2018-6942)
Vulnerability from cvelistv5
- n/a
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T06:17:17.091Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=29c759284e305ec428703c9a5831d0b1fc3497ef" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5736" }, { "name": "USN-3572-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3572-1/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpuapr2020.html" }, { "name": "openSUSE-SU-2020:0704", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00054.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-02-12T00:00:00", "descriptions": [ { "lang": "en", "value": "An issue was discovered in FreeType 2 through 2.9. A NULL pointer dereference in the Ins_GETVARIATION() function within ttinterp.c could lead to DoS via a crafted font file." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-05-23T23:06:04", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=29c759284e305ec428703c9a5831d0b1fc3497ef" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5736" }, { "name": "USN-3572-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3572-1/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpuapr2020.html" }, { "name": "openSUSE-SU-2020:0704", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00054.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-6942", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An issue was discovered in FreeType 2 through 2.9. A NULL pointer dereference in the Ins_GETVARIATION() function within ttinterp.c could lead to DoS via a crafted font file." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=29c759284e305ec428703c9a5831d0b1fc3497ef", "refsource": "MISC", "url": "https://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=29c759284e305ec428703c9a5831d0b1fc3497ef" }, { "name": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5736", "refsource": "MISC", "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5736" }, { "name": "USN-3572-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3572-1/" }, { "name": "https://www.oracle.com/security-alerts/cpuapr2020.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuapr2020.html" }, { "name": "openSUSE-SU-2020:0704", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00054.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-6942", "datePublished": "2018-02-13T05:00:00", "dateReserved": "2018-02-12T00:00:00", "dateUpdated": "2024-08-05T06:17:17.091Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "vulnerability-lookup:meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2018-6942\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2018-02-13T05:29:00.267\",\"lastModified\":\"2024-11-21T04:11:27.543\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An issue was discovered in FreeType 2 through 2.9. A NULL pointer dereference in the Ins_GETVARIATION() function within ttinterp.c could lead to DoS via a crafted font file.\"},{\"lang\":\"es\",\"value\":\"Se ha descubierto un problema hasta la versi\u00f3n 2.9 de FreeType 2. 
Una desreferencia de puntero NULL en la funci\u00f3n Ins_GETVARIATION() en ttinterp.c podr\u00eda conducir a DoS mediante un archivo de fuentes manipulado.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:N/A:P\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-476\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:freetype:freetype:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.9\",\"matchCriteriaId\":\"C079B991-75F4-471A-8F9B-9561EBF07A3A\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9070C9D8-A14A-467F-8253-33B966C16886\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00054.html\",\"source\":\"cve@mitr
e.org\"},{\"url\":\"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5736\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=29c759284e305ec428703c9a5831d0b1fc3497ef\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/3572-1/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuapr2020.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00054.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5736\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=29c759284e305ec428703c9a5831d0b1fc3497ef\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/3572-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuapr2020.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}" } }
cnvd-2018-05683
Vulnerability from cnvd
Title: FreeType 2 NULL pointer dereference vulnerability
Description:
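FreeType 2 is a software font engine that is small, efficient, highly customizable, and portable, while producing high-quality output (glyph images).
The Ins_GETVARIATION() function in ttinterp.c in FreeType 2 contains a NULL pointer dereference vulnerability. An attacker can exploit it via a crafted font file to cause a denial of service.
Severity: Medium
Patch Name: Patch for the FreeType 2 NULL pointer dereference vulnerability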
Patch Description:
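FreeType 2 is a software font engine that is small, efficient, highly customizable, and portable, while producing high-quality output (glyph images).
The Ins_GETVARIATION() function in ttinterp.c in FreeType 2 contains a NULL pointer dereference vulnerability. An attacker can exploit it via a crafted font file to cause a denial of service. The vendor has since released a security advisory and related patch information that fix this vulnerability.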
Formal description:
The vendor has released a fix for this vulnerability; please watch for updates: https://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=29c759284e305ec428703c9a5831d0b1fc3497ef
Reference: https://nvd.nist.gov/vuln/detail/CVE-2018-6942
| Name | FreeType FreeType 2 <=2.9 |
|---|---|
{ "cves": { "cve": { "cveNumber": "CVE-2018-6942" } }, "description": "FreeType 2\u662f\u4e00\u79cd\u8f6f\u4ef6\u5b57\u4f53\u5f15\u64ce\uff0c\u7279\u70b9\u662f\u5c0f\u5de7\u3001\u9ad8\u6548\u3001\u9ad8\u5ea6\u53ef\u5b9a\u5236\u53ca\u53ef\u79fb\u690d\uff0c\u540c\u65f6\u80fd\u4ea7\u751f\u9ad8\u8d28\u91cf\u8f93\u51fa\uff08\u5b57\u5f62\u56fe\u50cf\uff09\u3002\r\n\r\nFreeType 2\u4e2d\u7684ttinterp.c\u4e2d\u7684Ins_GETVARIATION()\u51fd\u6570\u5b58\u5728\u7a7a\u6307\u9488\u89e3\u5f15\u7528\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u7279\u5236\u5b57\u4f53\u6587\u4ef6\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u3002", "discovererName": "ClusterFuzz-External", "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=29c759284e305ec428703c9a5831d0b1fc3497ef", "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e", "number": "CNVD-2018-05683", "openTime": "2018-03-20", "patchDescription": "FreeType 2\u662f\u4e00\u79cd\u8f6f\u4ef6\u5b57\u4f53\u5f15\u64ce\uff0c\u7279\u70b9\u662f\u5c0f\u5de7\u3001\u9ad8\u6548\u3001\u9ad8\u5ea6\u53ef\u5b9a\u5236\u53ca\u53ef\u79fb\u690d\uff0c\u540c\u65f6\u80fd\u4ea7\u751f\u9ad8\u8d28\u91cf\u8f93\u51fa\uff08\u5b57\u5f62\u56fe\u50cf\uff09\u3002\r\n\r\nFreeType 2\u4e2d\u7684ttinterp.c\u4e2d\u7684Ins_GETVARIATION()\u51fd\u6570\u5b58\u5728\u7a7a\u6307\u9488\u89e3\u5f15\u7528\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u7279\u5236\u5b57\u4f53\u6587\u4ef6\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002", "patchName": "FreeType 2\u7a7a\u6307\u9488\u89e3\u5f15\u7528\u6f0f\u6d1e\u7684\u8865\u4e01", "products": { "product": "FreeType FreeType 2 \u003c=2.9" }, "referenceLink": 
"https://nvd.nist.gov/vuln/detail/CVE-2018-6942", "serverity": "\u4e2d", "submitTime": "2018-02-13", "title": "FreeType 2\u7a7a\u6307\u9488\u89e3\u5f15\u7528\u6f0f\u6d1e" }
opensuse-su-2020:0704-1
Vulnerability from csaf_opensuse
Notes
{ "document": { "aggregate_severity": { "namespace": "https://www.suse.com/support/security/rating/", "text": "moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright 2024 SUSE LLC. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Security update for freetype2", "title": "Title of the patch" }, { "category": "description", "text": "This update for freetype2 to version 2.10.1 fixes the following issues:\n\nSecurity issue fixed:\n\n- CVE-2018-6942: Fixed a NULL pointer dereference within ttinerp.c (bsc#1079603).\n\nNon-security issues fixed:\n\n- Update to version 2.10.1\n * The bytecode hinting of OpenType variation fonts was flawed, since\n the data in the `CVAR\u0027 table wasn\u0027t correctly applied.\n * Auto-hinter support for Mongolian.\n * The handling of the default character in PCF fonts as introduced\n in version 2.10.0 was partially broken, causing premature abortion\n of charmap iteration for many fonts.\n * If `FT_Set_Named_Instance\u0027 was called with the same arguments\n twice in a row, the function returned an incorrect error code the\n second time.\n * Direct rendering using FT_RASTER_FLAG_DIRECT crashed (bug\n introduced in version 2.10.0).\n * Increased precision while computing OpenType font variation\n instances.\n * The flattening algorithm of cubic Bezier curves was slightly\n changed to make it faster. 
This can cause very subtle rendering\n changes, which aren\u0027t noticeable by the eye, however.\n * The auto-hinter now disables hinting if there are blue zones\n defined for a `style\u0027 (i.e., a certain combination of a script and\n its related typographic features) but the font doesn\u0027t contain any\n characters needed to set up at least one blue zone.\n- Add tarball signatures and freetype2.keyring\n\n- Update to version 2.10.0\n * A bunch of new functions has been added to access and process\n COLR/CPAL data of OpenType fonts with color-layered glyphs.\n * As a GSoC 2018 project, Nikhil Ramakrishnan completely\n overhauled and modernized the API reference.\n * The logic for computing the global ascender, descender, and\n height of OpenType fonts has been slightly adjusted for\n consistency.\n * `TT_Set_MM_Blend\u0027 could fail if called repeatedly with the same\n arguments.\n * The precision of handling deltas in Variation Fonts has been\n increased.The problem did only show up with multidimensional\n designspaces.\n * New function `FT_Library_SetLcdGeometry\u0027 to set up the geometry\n of LCD subpixels.\n * FreeType now uses the `defaultChar\u0027 property of PCF fonts to set\n the glyph for the undefined character at glyph index 0 (as\n FreeType already does for all other supported font formats). 
As\n a consequence, the order of glyphs of a PCF font if accessed\n with FreeType can be different now compared to previous\n versions.\n This change doesn\u0027t affect PCF font access with cmaps.\n * `FT_Select_Charmap\u0027 has been changed to allow parameter value\n `FT_ENCODING_NONE\u0027, which is valid for BDF, PCF, and Windows FNT\n formats to access built-in cmaps that don\u0027t have a predefined\n `FT_Encoding\u0027 value.\n * A previously reserved field in the `FT_GlyphSlotRec\u0027 structure\n now holds the glyph index.\n * The usual round of fuzzer bug fixes to better reject malformed\n fonts.\n * `FT_Outline_New_Internal\u0027 and `FT_Outline_Done_Internal\u0027 have\n been removed.These two functions were public by oversight only\n and were never documented.\n * A new function `FT_Error_String\u0027 returns descriptions of error\n codes if configuration macro FT_CONFIG_OPTION_ERROR_STRINGS is\n defined.\n * `FT_Set_MM_WeightVector\u0027 and `FT_Get_MM_WeightVector\u0027 are new\n functions limited to Adobe MultiMaster fonts to directly set and\n get the weight vector.\n\n- Enable subpixel rendering with infinality config:\n\n- Re-enable freetype-config, there is just too many fallouts. 
\n\n- Update to version 2.9.1\n * Type 1 fonts containing flex features were not rendered\n correctly (bug introduced in version 2.9).\n * CVE-2018-6942: Older FreeType versions can crash with certain\n malformed variation fonts.\n * Bug fix: Multiple calls to `FT_Get_MM_Var\u0027 returned garbage.\n * Emboldening of bitmaps didn\u0027t work correctly sometimes, showing\n various artifacts (bug introduced in version 2.8.1).\n * The auto-hinter script ranges have been updated for Unicode 11.\n No support for new scripts have been added, however, with the\n exception of Georgian Mtavruli.\n- freetype-config is now deprecated by upstream and not enabled\n by default.\n\n- Update to version 2.10.1\n * The `ftmulti\u0027 demo program now supports multiple hidden axes with\n the same name tag.\n * `ftview\u0027, `ftstring\u0027, and `ftgrid\u0027 got a `-k\u0027 command line option\n to emulate a sequence of keystrokes at start-up.\n * `ftview\u0027, `ftstring\u0027, and `ftgrid\u0027 now support screen dumping to a\n PNG file.\n * The bytecode debugger, `ttdebug\u0027, now supports variation TrueType\n fonts; a variation font instance can be selected with the new `-d\u0027\n command line option.\n- Add tarball signatures and freetype2.keyring\n\n- Update to version 2.10.0\n * The `ftdump\u0027 demo program has new options `-c\u0027 and `-C\u0027 to\n display charmaps in compact and detailed format, respectively.\n Option `-V\u0027 has been removed.\n * The `ftview\u0027, `ftstring\u0027, and `ftgrid\u0027 demo programs use a new\n command line option `-d\u0027 to specify the program window\u0027s width,\n height, and color depth.\n * The `ftview\u0027 demo program now displays red boxes for zero-width\n glyphs.\n * `ftglyph\u0027 has limited support to display fonts with\n color-layered glyphs.This will be improved later on.\n * `ftgrid\u0027 can now display bitmap fonts also.\n * The `ttdebug\u0027 demo program has a new option `-f\u0027 to select a\n member of a 
TrueType collection (TTC).\n * Other various improvements to the demo programs.\n\n- Remove \u0027Supplements: fonts-config\u0027 to avoid accidentally pulling\n in Qt dependencies on some non-Qt based desktops.(bsc#1091109)\n fonts-config is fundamental but ft2demos seldom installs by end users.\n only fonts-config maintainers/debuggers may use ft2demos along to\n debug some issues. \n\n- Update to version 2.9.1\n * No changelog upstream.\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "title": "Description of the patch" }, { "category": "details", "text": "openSUSE-2020-704", "title": "Patchnames" }, { "category": "legal_disclaimer", "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", "title": "Terms of use" } ], "publisher": { "category": "vendor", "contact_details": "https://www.suse.com/support/security/contact/", "name": "SUSE Product Security Team", "namespace": "https://www.suse.com/" }, "references": [ { "category": "external", "summary": "SUSE ratings", "url": "https://www.suse.com/support/security/rating/" }, { "category": "self", "summary": "URL of this CSAF notice", "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2020_0704-1.json" }, { "category": "self", "summary": "URL for openSUSE-SU-2020:0704-1", "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/7HRHABTHHJKCUCCIG4MN5VYZ47BLAVKH/" }, { "category": "self", "summary": "E-Mail link for openSUSE-SU-2020:0704-1", "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/7HRHABTHHJKCUCCIG4MN5VYZ47BLAVKH/" }, { "category": "self", "summary": "SUSE Bug 1079603", "url": "https://bugzilla.suse.com/1079603" }, { "category": "self", "summary": "SUSE Bug 1091109", "url": "https://bugzilla.suse.com/1091109" }, { "category": "self", "summary": "SUSE CVE CVE-2018-6942 page", "url": "https://www.suse.com/security/cve/CVE-2018-6942/" 
} ], "title": "Security update for freetype2", "tracking": { "current_release_date": "2020-05-23T18:14:34Z", "generator": { "date": "2020-05-23T18:14:34Z", "engine": { "name": "cve-database.git:bin/generate-csaf.pl", "version": "1" } }, "id": "openSUSE-SU-2020:0704-1", "initial_release_date": "2020-05-23T18:14:34Z", "revision_history": [ { "date": "2020-05-23T18:14:34Z", "number": "1", "summary": "Current version" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version", "name": "freetype2-devel-2.10.1-lp151.4.3.1.i586", "product": { "name": "freetype2-devel-2.10.1-lp151.4.3.1.i586", "product_id": "freetype2-devel-2.10.1-lp151.4.3.1.i586" } }, { "category": "product_version", "name": "libfreetype6-2.10.1-lp151.4.3.1.i586", "product": { "name": "libfreetype6-2.10.1-lp151.4.3.1.i586", "product_id": "libfreetype6-2.10.1-lp151.4.3.1.i586" } } ], "category": "architecture", "name": "i586" }, { "branches": [ { "category": "product_version", "name": "freetype2-profile-tti35-2.10.1-lp151.4.3.1.noarch", "product": { "name": "freetype2-profile-tti35-2.10.1-lp151.4.3.1.noarch", "product_id": "freetype2-profile-tti35-2.10.1-lp151.4.3.1.noarch" } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "freetype2-devel-2.10.1-lp151.4.3.1.x86_64", "product": { "name": "freetype2-devel-2.10.1-lp151.4.3.1.x86_64", "product_id": "freetype2-devel-2.10.1-lp151.4.3.1.x86_64" } }, { "category": "product_version", "name": "freetype2-devel-32bit-2.10.1-lp151.4.3.1.x86_64", "product": { "name": "freetype2-devel-32bit-2.10.1-lp151.4.3.1.x86_64", "product_id": "freetype2-devel-32bit-2.10.1-lp151.4.3.1.x86_64" } }, { "category": "product_version", "name": "ft2demos-2.10.1-lp151.4.3.1.x86_64", "product": { "name": "ft2demos-2.10.1-lp151.4.3.1.x86_64", "product_id": "ft2demos-2.10.1-lp151.4.3.1.x86_64" } }, { "category": "product_version", "name": 
"ftbench-2.10.1-lp151.4.3.1.x86_64", "product": { "name": "ftbench-2.10.1-lp151.4.3.1.x86_64", "product_id": "ftbench-2.10.1-lp151.4.3.1.x86_64" } }, { "category": "product_version", "name": "ftdiff-2.10.1-lp151.4.3.1.x86_64", "product": { "name": "ftdiff-2.10.1-lp151.4.3.1.x86_64", "product_id": "ftdiff-2.10.1-lp151.4.3.1.x86_64" } }, { "category": "product_version", "name": "ftdump-2.10.1-lp151.4.3.1.x86_64", "product": { "name": "ftdump-2.10.1-lp151.4.3.1.x86_64", "product_id": "ftdump-2.10.1-lp151.4.3.1.x86_64" } }, { "category": "product_version", "name": "ftgamma-2.10.1-lp151.4.3.1.x86_64", "product": { "name": "ftgamma-2.10.1-lp151.4.3.1.x86_64", "product_id": "ftgamma-2.10.1-lp151.4.3.1.x86_64" } }, { "category": "product_version", "name": "ftgrid-2.10.1-lp151.4.3.1.x86_64", "product": { "name": "ftgrid-2.10.1-lp151.4.3.1.x86_64", "product_id": "ftgrid-2.10.1-lp151.4.3.1.x86_64" } }, { "category": "product_version", "name": "ftinspect-2.10.1-lp151.4.3.1.x86_64", "product": { "name": "ftinspect-2.10.1-lp151.4.3.1.x86_64", "product_id": "ftinspect-2.10.1-lp151.4.3.1.x86_64" } }, { "category": "product_version", "name": "ftlint-2.10.1-lp151.4.3.1.x86_64", "product": { "name": "ftlint-2.10.1-lp151.4.3.1.x86_64", "product_id": "ftlint-2.10.1-lp151.4.3.1.x86_64" } }, { "category": "product_version", "name": "ftmulti-2.10.1-lp151.4.3.1.x86_64", "product": { "name": "ftmulti-2.10.1-lp151.4.3.1.x86_64", "product_id": "ftmulti-2.10.1-lp151.4.3.1.x86_64" } }, { "category": "product_version", "name": "ftstring-2.10.1-lp151.4.3.1.x86_64", "product": { "name": "ftstring-2.10.1-lp151.4.3.1.x86_64", "product_id": "ftstring-2.10.1-lp151.4.3.1.x86_64" } }, { "category": "product_version", "name": "ftvalid-2.10.1-lp151.4.3.1.x86_64", "product": { "name": "ftvalid-2.10.1-lp151.4.3.1.x86_64", "product_id": "ftvalid-2.10.1-lp151.4.3.1.x86_64" } }, { "category": "product_version", "name": "ftview-2.10.1-lp151.4.3.1.x86_64", "product": { "name": "ftview-2.10.1-lp151.4.3.1.x86_64", 
"product_id": "ftview-2.10.1-lp151.4.3.1.x86_64" } }, { "category": "product_version", "name": "libfreetype6-2.10.1-lp151.4.3.1.x86_64", "product": { "name": "libfreetype6-2.10.1-lp151.4.3.1.x86_64", "product_id": "libfreetype6-2.10.1-lp151.4.3.1.x86_64" } }, { "category": "product_version", "name": "libfreetype6-32bit-2.10.1-lp151.4.3.1.x86_64", "product": { "name": "libfreetype6-32bit-2.10.1-lp151.4.3.1.x86_64", "product_id": "libfreetype6-32bit-2.10.1-lp151.4.3.1.x86_64" } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_name", "name": "openSUSE Leap 15.1", "product": { "name": "openSUSE Leap 15.1", "product_id": "openSUSE Leap 15.1", "product_identification_helper": { "cpe": "cpe:/o:opensuse:leap:15.1" } } } ], "category": "product_family", "name": "SUSE Linux Enterprise" } ], "category": "vendor", "name": "SUSE" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "freetype2-devel-2.10.1-lp151.4.3.1.i586 as component of openSUSE Leap 15.1", "product_id": "openSUSE Leap 15.1:freetype2-devel-2.10.1-lp151.4.3.1.i586" }, "product_reference": "freetype2-devel-2.10.1-lp151.4.3.1.i586", "relates_to_product_reference": "openSUSE Leap 15.1" }, { "category": "default_component_of", "full_product_name": { "name": "freetype2-devel-2.10.1-lp151.4.3.1.x86_64 as component of openSUSE Leap 15.1", "product_id": "openSUSE Leap 15.1:freetype2-devel-2.10.1-lp151.4.3.1.x86_64" }, "product_reference": "freetype2-devel-2.10.1-lp151.4.3.1.x86_64", "relates_to_product_reference": "openSUSE Leap 15.1" }, { "category": "default_component_of", "full_product_name": { "name": "freetype2-devel-32bit-2.10.1-lp151.4.3.1.x86_64 as component of openSUSE Leap 15.1", "product_id": "openSUSE Leap 15.1:freetype2-devel-32bit-2.10.1-lp151.4.3.1.x86_64" }, "product_reference": "freetype2-devel-32bit-2.10.1-lp151.4.3.1.x86_64", "relates_to_product_reference": "openSUSE Leap 15.1" }, { "category": "default_component_of", 
"full_product_name": { "name": "freetype2-profile-tti35-2.10.1-lp151.4.3.1.noarch as component of openSUSE Leap 15.1", "product_id": "openSUSE Leap 15.1:freetype2-profile-tti35-2.10.1-lp151.4.3.1.noarch" }, "product_reference": "freetype2-profile-tti35-2.10.1-lp151.4.3.1.noarch", "relates_to_product_reference": "openSUSE Leap 15.1" }, { "category": "default_component_of", "full_product_name": { "name": "ft2demos-2.10.1-lp151.4.3.1.x86_64 as component of openSUSE Leap 15.1", "product_id": "openSUSE Leap 15.1:ft2demos-2.10.1-lp151.4.3.1.x86_64" }, "product_reference": "ft2demos-2.10.1-lp151.4.3.1.x86_64", "relates_to_product_reference": "openSUSE Leap 15.1" }, { "category": "default_component_of", "full_product_name": { "name": "ftbench-2.10.1-lp151.4.3.1.x86_64 as component of openSUSE Leap 15.1", "product_id": "openSUSE Leap 15.1:ftbench-2.10.1-lp151.4.3.1.x86_64" }, "product_reference": "ftbench-2.10.1-lp151.4.3.1.x86_64", "relates_to_product_reference": "openSUSE Leap 15.1" }, { "category": "default_component_of", "full_product_name": { "name": "ftdiff-2.10.1-lp151.4.3.1.x86_64 as component of openSUSE Leap 15.1", "product_id": "openSUSE Leap 15.1:ftdiff-2.10.1-lp151.4.3.1.x86_64" }, "product_reference": "ftdiff-2.10.1-lp151.4.3.1.x86_64", "relates_to_product_reference": "openSUSE Leap 15.1" }, { "category": "default_component_of", "full_product_name": { "name": "ftdump-2.10.1-lp151.4.3.1.x86_64 as component of openSUSE Leap 15.1", "product_id": "openSUSE Leap 15.1:ftdump-2.10.1-lp151.4.3.1.x86_64" }, "product_reference": "ftdump-2.10.1-lp151.4.3.1.x86_64", "relates_to_product_reference": "openSUSE Leap 15.1" }, { "category": "default_component_of", "full_product_name": { "name": "ftgamma-2.10.1-lp151.4.3.1.x86_64 as component of openSUSE Leap 15.1", "product_id": "openSUSE Leap 15.1:ftgamma-2.10.1-lp151.4.3.1.x86_64" }, "product_reference": "ftgamma-2.10.1-lp151.4.3.1.x86_64", "relates_to_product_reference": "openSUSE Leap 15.1" }, { "category": 
"default_component_of", "full_product_name": { "name": "ftgrid-2.10.1-lp151.4.3.1.x86_64 as component of openSUSE Leap 15.1", "product_id": "openSUSE Leap 15.1:ftgrid-2.10.1-lp151.4.3.1.x86_64" }, "product_reference": "ftgrid-2.10.1-lp151.4.3.1.x86_64", "relates_to_product_reference": "openSUSE Leap 15.1" }, { "category": "default_component_of", "full_product_name": { "name": "ftinspect-2.10.1-lp151.4.3.1.x86_64 as component of openSUSE Leap 15.1", "product_id": "openSUSE Leap 15.1:ftinspect-2.10.1-lp151.4.3.1.x86_64" }, "product_reference": "ftinspect-2.10.1-lp151.4.3.1.x86_64", "relates_to_product_reference": "openSUSE Leap 15.1" }, { "category": "default_component_of", "full_product_name": { "name": "ftlint-2.10.1-lp151.4.3.1.x86_64 as component of openSUSE Leap 15.1", "product_id": "openSUSE Leap 15.1:ftlint-2.10.1-lp151.4.3.1.x86_64" }, "product_reference": "ftlint-2.10.1-lp151.4.3.1.x86_64", "relates_to_product_reference": "openSUSE Leap 15.1" }, { "category": "default_component_of", "full_product_name": { "name": "ftmulti-2.10.1-lp151.4.3.1.x86_64 as component of openSUSE Leap 15.1", "product_id": "openSUSE Leap 15.1:ftmulti-2.10.1-lp151.4.3.1.x86_64" }, "product_reference": "ftmulti-2.10.1-lp151.4.3.1.x86_64", "relates_to_product_reference": "openSUSE Leap 15.1" }, { "category": "default_component_of", "full_product_name": { "name": "ftstring-2.10.1-lp151.4.3.1.x86_64 as component of openSUSE Leap 15.1", "product_id": "openSUSE Leap 15.1:ftstring-2.10.1-lp151.4.3.1.x86_64" }, "product_reference": "ftstring-2.10.1-lp151.4.3.1.x86_64", "relates_to_product_reference": "openSUSE Leap 15.1" }, { "category": "default_component_of", "full_product_name": { "name": "ftvalid-2.10.1-lp151.4.3.1.x86_64 as component of openSUSE Leap 15.1", "product_id": "openSUSE Leap 15.1:ftvalid-2.10.1-lp151.4.3.1.x86_64" }, "product_reference": "ftvalid-2.10.1-lp151.4.3.1.x86_64", "relates_to_product_reference": "openSUSE Leap 15.1" }, { "category": "default_component_of", 
"full_product_name": { "name": "ftview-2.10.1-lp151.4.3.1.x86_64 as component of openSUSE Leap 15.1", "product_id": "openSUSE Leap 15.1:ftview-2.10.1-lp151.4.3.1.x86_64" }, "product_reference": "ftview-2.10.1-lp151.4.3.1.x86_64", "relates_to_product_reference": "openSUSE Leap 15.1" }, { "category": "default_component_of", "full_product_name": { "name": "libfreetype6-2.10.1-lp151.4.3.1.i586 as component of openSUSE Leap 15.1", "product_id": "openSUSE Leap 15.1:libfreetype6-2.10.1-lp151.4.3.1.i586" }, "product_reference": "libfreetype6-2.10.1-lp151.4.3.1.i586", "relates_to_product_reference": "openSUSE Leap 15.1" }, { "category": "default_component_of", "full_product_name": { "name": "libfreetype6-2.10.1-lp151.4.3.1.x86_64 as component of openSUSE Leap 15.1", "product_id": "openSUSE Leap 15.1:libfreetype6-2.10.1-lp151.4.3.1.x86_64" }, "product_reference": "libfreetype6-2.10.1-lp151.4.3.1.x86_64", "relates_to_product_reference": "openSUSE Leap 15.1" }, { "category": "default_component_of", "full_product_name": { "name": "libfreetype6-32bit-2.10.1-lp151.4.3.1.x86_64 as component of openSUSE Leap 15.1", "product_id": "openSUSE Leap 15.1:libfreetype6-32bit-2.10.1-lp151.4.3.1.x86_64" }, "product_reference": "libfreetype6-32bit-2.10.1-lp151.4.3.1.x86_64", "relates_to_product_reference": "openSUSE Leap 15.1" } ] }, "vulnerabilities": [ { "cve": "CVE-2018-6942", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2018-6942" } ], "notes": [ { "category": "general", "text": "An issue was discovered in FreeType 2 through 2.9. 
A NULL pointer dereference in the Ins_GETVARIATION() function within ttinterp.c could lead to DoS via a crafted font file.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Leap 15.1:freetype2-devel-2.10.1-lp151.4.3.1.i586", "openSUSE Leap 15.1:freetype2-devel-2.10.1-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:freetype2-devel-32bit-2.10.1-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:freetype2-profile-tti35-2.10.1-lp151.4.3.1.noarch", "openSUSE Leap 15.1:ft2demos-2.10.1-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:ftbench-2.10.1-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:ftdiff-2.10.1-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:ftdump-2.10.1-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:ftgamma-2.10.1-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:ftgrid-2.10.1-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:ftinspect-2.10.1-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:ftlint-2.10.1-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:ftmulti-2.10.1-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:ftstring-2.10.1-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:ftvalid-2.10.1-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:ftview-2.10.1-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:libfreetype6-2.10.1-lp151.4.3.1.i586", "openSUSE Leap 15.1:libfreetype6-2.10.1-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:libfreetype6-32bit-2.10.1-lp151.4.3.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2018-6942", "url": "https://www.suse.com/security/cve/CVE-2018-6942" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Leap 15.1:freetype2-devel-2.10.1-lp151.4.3.1.i586", "openSUSE Leap 15.1:freetype2-devel-2.10.1-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:freetype2-devel-32bit-2.10.1-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:freetype2-profile-tti35-2.10.1-lp151.4.3.1.noarch", "openSUSE Leap 15.1:ft2demos-2.10.1-lp151.4.3.1.x86_64", "openSUSE 
Leap 15.1:ftbench-2.10.1-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:ftdiff-2.10.1-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:ftdump-2.10.1-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:ftgamma-2.10.1-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:ftgrid-2.10.1-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:ftinspect-2.10.1-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:ftlint-2.10.1-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:ftmulti-2.10.1-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:ftstring-2.10.1-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:ftvalid-2.10.1-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:ftview-2.10.1-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:libfreetype6-2.10.1-lp151.4.3.1.i586", "openSUSE Leap 15.1:libfreetype6-2.10.1-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:libfreetype6-32bit-2.10.1-lp151.4.3.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "openSUSE Leap 15.1:freetype2-devel-2.10.1-lp151.4.3.1.i586", "openSUSE Leap 15.1:freetype2-devel-2.10.1-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:freetype2-devel-32bit-2.10.1-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:freetype2-profile-tti35-2.10.1-lp151.4.3.1.noarch", "openSUSE Leap 15.1:ft2demos-2.10.1-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:ftbench-2.10.1-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:ftdiff-2.10.1-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:ftdump-2.10.1-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:ftgamma-2.10.1-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:ftgrid-2.10.1-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:ftinspect-2.10.1-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:ftlint-2.10.1-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:ftmulti-2.10.1-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:ftstring-2.10.1-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:ftvalid-2.10.1-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:ftview-2.10.1-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:libfreetype6-2.10.1-lp151.4.3.1.i586", "openSUSE Leap 
15.1:libfreetype6-2.10.1-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:libfreetype6-32bit-2.10.1-lp151.4.3.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2020-05-23T18:14:34Z", "details": "moderate" } ], "title": "CVE-2018-6942" } ] }
opensuse-su-2024:10770-1
Vulnerability from csaf_opensuse
{ "document": { "aggregate_severity": { "namespace": "https://www.suse.com/support/security/rating/", "text": "moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright 2024 SUSE LLC. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "freetype2-devel-2.11.0-1.2 on GA media", "title": "Title of the patch" }, { "category": "description", "text": "These are all security issues fixed in the freetype2-devel-2.11.0-1.2 package on the GA media of openSUSE Tumbleweed.", "title": "Description of the patch" }, { "category": "details", "text": "openSUSE-Tumbleweed-2024-10770", "title": "Patchnames" }, { "category": "legal_disclaimer", "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", "title": "Terms of use" } ], "publisher": { "category": "vendor", "contact_details": "https://www.suse.com/support/security/contact/", "name": "SUSE Product Security Team", "namespace": "https://www.suse.com/" }, "references": [ { "category": "external", "summary": "SUSE ratings", "url": "https://www.suse.com/support/security/rating/" }, { "category": "self", "summary": "URL of this CSAF notice", "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10770-1.json" }, { "category": "self", "summary": "SUSE CVE CVE-2007-1351 page", "url": "https://www.suse.com/security/cve/CVE-2007-1351/" }, { "category": "self", "summary": "SUSE CVE CVE-2017-8105 page", "url": "https://www.suse.com/security/cve/CVE-2017-8105/" }, { "category": "self", "summary": "SUSE CVE CVE-2018-6942 page", "url": "https://www.suse.com/security/cve/CVE-2018-6942/" }, { "category": "self", "summary": "SUSE CVE CVE-2020-15999 page", "url": "https://www.suse.com/security/cve/CVE-2020-15999/" } ], "title": "freetype2-devel-2.11.0-1.2 on GA media", "tracking": { "current_release_date": 
"2024-06-15T00:00:00Z", "generator": { "date": "2024-06-15T00:00:00Z", "engine": { "name": "cve-database.git:bin/generate-csaf.pl", "version": "1" } }, "id": "openSUSE-SU-2024:10770-1", "initial_release_date": "2024-06-15T00:00:00Z", "revision_history": [ { "date": "2024-06-15T00:00:00Z", "number": "1", "summary": "Current version" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version", "name": "freetype2-devel-2.11.0-1.2.aarch64", "product": { "name": "freetype2-devel-2.11.0-1.2.aarch64", "product_id": "freetype2-devel-2.11.0-1.2.aarch64" } }, { "category": "product_version", "name": "freetype2-devel-32bit-2.11.0-1.2.aarch64", "product": { "name": "freetype2-devel-32bit-2.11.0-1.2.aarch64", "product_id": "freetype2-devel-32bit-2.11.0-1.2.aarch64" } }, { "category": "product_version", "name": "freetype2-profile-tti35-2.11.0-1.2.aarch64", "product": { "name": "freetype2-profile-tti35-2.11.0-1.2.aarch64", "product_id": "freetype2-profile-tti35-2.11.0-1.2.aarch64" } }, { "category": "product_version", "name": "libfreetype6-2.11.0-1.2.aarch64", "product": { "name": "libfreetype6-2.11.0-1.2.aarch64", "product_id": "libfreetype6-2.11.0-1.2.aarch64" } }, { "category": "product_version", "name": "libfreetype6-32bit-2.11.0-1.2.aarch64", "product": { "name": "libfreetype6-32bit-2.11.0-1.2.aarch64", "product_id": "libfreetype6-32bit-2.11.0-1.2.aarch64" } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "freetype2-devel-2.11.0-1.2.ppc64le", "product": { "name": "freetype2-devel-2.11.0-1.2.ppc64le", "product_id": "freetype2-devel-2.11.0-1.2.ppc64le" } }, { "category": "product_version", "name": "freetype2-devel-32bit-2.11.0-1.2.ppc64le", "product": { "name": "freetype2-devel-32bit-2.11.0-1.2.ppc64le", "product_id": "freetype2-devel-32bit-2.11.0-1.2.ppc64le" } }, { "category": "product_version", "name": 
"freetype2-profile-tti35-2.11.0-1.2.ppc64le", "product": { "name": "freetype2-profile-tti35-2.11.0-1.2.ppc64le", "product_id": "freetype2-profile-tti35-2.11.0-1.2.ppc64le" } }, { "category": "product_version", "name": "libfreetype6-2.11.0-1.2.ppc64le", "product": { "name": "libfreetype6-2.11.0-1.2.ppc64le", "product_id": "libfreetype6-2.11.0-1.2.ppc64le" } }, { "category": "product_version", "name": "libfreetype6-32bit-2.11.0-1.2.ppc64le", "product": { "name": "libfreetype6-32bit-2.11.0-1.2.ppc64le", "product_id": "libfreetype6-32bit-2.11.0-1.2.ppc64le" } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "freetype2-devel-2.11.0-1.2.s390x", "product": { "name": "freetype2-devel-2.11.0-1.2.s390x", "product_id": "freetype2-devel-2.11.0-1.2.s390x" } }, { "category": "product_version", "name": "freetype2-devel-32bit-2.11.0-1.2.s390x", "product": { "name": "freetype2-devel-32bit-2.11.0-1.2.s390x", "product_id": "freetype2-devel-32bit-2.11.0-1.2.s390x" } }, { "category": "product_version", "name": "freetype2-profile-tti35-2.11.0-1.2.s390x", "product": { "name": "freetype2-profile-tti35-2.11.0-1.2.s390x", "product_id": "freetype2-profile-tti35-2.11.0-1.2.s390x" } }, { "category": "product_version", "name": "libfreetype6-2.11.0-1.2.s390x", "product": { "name": "libfreetype6-2.11.0-1.2.s390x", "product_id": "libfreetype6-2.11.0-1.2.s390x" } }, { "category": "product_version", "name": "libfreetype6-32bit-2.11.0-1.2.s390x", "product": { "name": "libfreetype6-32bit-2.11.0-1.2.s390x", "product_id": "libfreetype6-32bit-2.11.0-1.2.s390x" } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "freetype2-devel-2.11.0-1.2.x86_64", "product": { "name": "freetype2-devel-2.11.0-1.2.x86_64", "product_id": "freetype2-devel-2.11.0-1.2.x86_64" } }, { "category": "product_version", "name": "freetype2-devel-32bit-2.11.0-1.2.x86_64", "product": { "name": 
"freetype2-devel-32bit-2.11.0-1.2.x86_64", "product_id": "freetype2-devel-32bit-2.11.0-1.2.x86_64" } }, { "category": "product_version", "name": "freetype2-profile-tti35-2.11.0-1.2.x86_64", "product": { "name": "freetype2-profile-tti35-2.11.0-1.2.x86_64", "product_id": "freetype2-profile-tti35-2.11.0-1.2.x86_64" } }, { "category": "product_version", "name": "libfreetype6-2.11.0-1.2.x86_64", "product": { "name": "libfreetype6-2.11.0-1.2.x86_64", "product_id": "libfreetype6-2.11.0-1.2.x86_64" } }, { "category": "product_version", "name": "libfreetype6-32bit-2.11.0-1.2.x86_64", "product": { "name": "libfreetype6-32bit-2.11.0-1.2.x86_64", "product_id": "libfreetype6-32bit-2.11.0-1.2.x86_64" } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_name", "name": "openSUSE Tumbleweed", "product": { "name": "openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed", "product_identification_helper": { "cpe": "cpe:/o:opensuse:tumbleweed" } } } ], "category": "product_family", "name": "SUSE Linux Enterprise" } ], "category": "vendor", "name": "SUSE" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "freetype2-devel-2.11.0-1.2.aarch64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:freetype2-devel-2.11.0-1.2.aarch64" }, "product_reference": "freetype2-devel-2.11.0-1.2.aarch64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "freetype2-devel-2.11.0-1.2.ppc64le as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:freetype2-devel-2.11.0-1.2.ppc64le" }, "product_reference": "freetype2-devel-2.11.0-1.2.ppc64le", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "freetype2-devel-2.11.0-1.2.s390x as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:freetype2-devel-2.11.0-1.2.s390x" }, 
"product_reference": "freetype2-devel-2.11.0-1.2.s390x", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "freetype2-devel-2.11.0-1.2.x86_64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:freetype2-devel-2.11.0-1.2.x86_64" }, "product_reference": "freetype2-devel-2.11.0-1.2.x86_64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "freetype2-devel-32bit-2.11.0-1.2.aarch64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:freetype2-devel-32bit-2.11.0-1.2.aarch64" }, "product_reference": "freetype2-devel-32bit-2.11.0-1.2.aarch64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "freetype2-devel-32bit-2.11.0-1.2.ppc64le as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:freetype2-devel-32bit-2.11.0-1.2.ppc64le" }, "product_reference": "freetype2-devel-32bit-2.11.0-1.2.ppc64le", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "freetype2-devel-32bit-2.11.0-1.2.s390x as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:freetype2-devel-32bit-2.11.0-1.2.s390x" }, "product_reference": "freetype2-devel-32bit-2.11.0-1.2.s390x", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "freetype2-devel-32bit-2.11.0-1.2.x86_64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:freetype2-devel-32bit-2.11.0-1.2.x86_64" }, "product_reference": "freetype2-devel-32bit-2.11.0-1.2.x86_64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "freetype2-profile-tti35-2.11.0-1.2.aarch64 as component of openSUSE Tumbleweed", 
"product_id": "openSUSE Tumbleweed:freetype2-profile-tti35-2.11.0-1.2.aarch64" }, "product_reference": "freetype2-profile-tti35-2.11.0-1.2.aarch64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "freetype2-profile-tti35-2.11.0-1.2.ppc64le as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:freetype2-profile-tti35-2.11.0-1.2.ppc64le" }, "product_reference": "freetype2-profile-tti35-2.11.0-1.2.ppc64le", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "freetype2-profile-tti35-2.11.0-1.2.s390x as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:freetype2-profile-tti35-2.11.0-1.2.s390x" }, "product_reference": "freetype2-profile-tti35-2.11.0-1.2.s390x", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "freetype2-profile-tti35-2.11.0-1.2.x86_64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:freetype2-profile-tti35-2.11.0-1.2.x86_64" }, "product_reference": "freetype2-profile-tti35-2.11.0-1.2.x86_64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "libfreetype6-2.11.0-1.2.aarch64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:libfreetype6-2.11.0-1.2.aarch64" }, "product_reference": "libfreetype6-2.11.0-1.2.aarch64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "libfreetype6-2.11.0-1.2.ppc64le as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:libfreetype6-2.11.0-1.2.ppc64le" }, "product_reference": "libfreetype6-2.11.0-1.2.ppc64le", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": 
"libfreetype6-2.11.0-1.2.s390x as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:libfreetype6-2.11.0-1.2.s390x" }, "product_reference": "libfreetype6-2.11.0-1.2.s390x", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "libfreetype6-2.11.0-1.2.x86_64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:libfreetype6-2.11.0-1.2.x86_64" }, "product_reference": "libfreetype6-2.11.0-1.2.x86_64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "libfreetype6-32bit-2.11.0-1.2.aarch64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:libfreetype6-32bit-2.11.0-1.2.aarch64" }, "product_reference": "libfreetype6-32bit-2.11.0-1.2.aarch64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "libfreetype6-32bit-2.11.0-1.2.ppc64le as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:libfreetype6-32bit-2.11.0-1.2.ppc64le" }, "product_reference": "libfreetype6-32bit-2.11.0-1.2.ppc64le", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "libfreetype6-32bit-2.11.0-1.2.s390x as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:libfreetype6-32bit-2.11.0-1.2.s390x" }, "product_reference": "libfreetype6-32bit-2.11.0-1.2.s390x", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "libfreetype6-32bit-2.11.0-1.2.x86_64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:libfreetype6-32bit-2.11.0-1.2.x86_64" }, "product_reference": "libfreetype6-32bit-2.11.0-1.2.x86_64", "relates_to_product_reference": "openSUSE Tumbleweed" } ] }, "vulnerabilities": [ { "cve": "CVE-2007-1351", "ids": [ { 
"system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2007-1351" } ], "notes": [ { "category": "general", "text": "Integer overflow in the bdfReadCharacters function in bdfread.c in (1) X.Org libXfont before 20070403 and (2) freetype 2.3.2 and earlier allows remote authenticated users to execute arbitrary code via crafted BDF fonts, which result in a heap overflow.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:freetype2-devel-2.11.0-1.2.aarch64", "openSUSE Tumbleweed:freetype2-devel-2.11.0-1.2.ppc64le", "openSUSE Tumbleweed:freetype2-devel-2.11.0-1.2.s390x", "openSUSE Tumbleweed:freetype2-devel-2.11.0-1.2.x86_64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.11.0-1.2.aarch64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.11.0-1.2.ppc64le", "openSUSE Tumbleweed:freetype2-devel-32bit-2.11.0-1.2.s390x", "openSUSE Tumbleweed:freetype2-devel-32bit-2.11.0-1.2.x86_64", "openSUSE Tumbleweed:freetype2-profile-tti35-2.11.0-1.2.aarch64", "openSUSE Tumbleweed:freetype2-profile-tti35-2.11.0-1.2.ppc64le", "openSUSE Tumbleweed:freetype2-profile-tti35-2.11.0-1.2.s390x", "openSUSE Tumbleweed:freetype2-profile-tti35-2.11.0-1.2.x86_64", "openSUSE Tumbleweed:libfreetype6-2.11.0-1.2.aarch64", "openSUSE Tumbleweed:libfreetype6-2.11.0-1.2.ppc64le", "openSUSE Tumbleweed:libfreetype6-2.11.0-1.2.s390x", "openSUSE Tumbleweed:libfreetype6-2.11.0-1.2.x86_64", "openSUSE Tumbleweed:libfreetype6-32bit-2.11.0-1.2.aarch64", "openSUSE Tumbleweed:libfreetype6-32bit-2.11.0-1.2.ppc64le", "openSUSE Tumbleweed:libfreetype6-32bit-2.11.0-1.2.s390x", "openSUSE Tumbleweed:libfreetype6-32bit-2.11.0-1.2.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2007-1351", "url": "https://www.suse.com/security/cve/CVE-2007-1351" }, { "category": "external", "summary": "SUSE Bug 247732 for CVE-2007-1351", "url": "https://bugzilla.suse.com/247732" }, { "category": "external", "summary": "SUSE Bug 258335 for CVE-2007-1351", "url": 
"https://bugzilla.suse.com/258335" }, { "category": "external", "summary": "SUSE Bug 261141 for CVE-2007-1351", "url": "https://bugzilla.suse.com/261141" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:freetype2-devel-2.11.0-1.2.aarch64", "openSUSE Tumbleweed:freetype2-devel-2.11.0-1.2.ppc64le", "openSUSE Tumbleweed:freetype2-devel-2.11.0-1.2.s390x", "openSUSE Tumbleweed:freetype2-devel-2.11.0-1.2.x86_64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.11.0-1.2.aarch64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.11.0-1.2.ppc64le", "openSUSE Tumbleweed:freetype2-devel-32bit-2.11.0-1.2.s390x", "openSUSE Tumbleweed:freetype2-devel-32bit-2.11.0-1.2.x86_64", "openSUSE Tumbleweed:freetype2-profile-tti35-2.11.0-1.2.aarch64", "openSUSE Tumbleweed:freetype2-profile-tti35-2.11.0-1.2.ppc64le", "openSUSE Tumbleweed:freetype2-profile-tti35-2.11.0-1.2.s390x", "openSUSE Tumbleweed:freetype2-profile-tti35-2.11.0-1.2.x86_64", "openSUSE Tumbleweed:libfreetype6-2.11.0-1.2.aarch64", "openSUSE Tumbleweed:libfreetype6-2.11.0-1.2.ppc64le", "openSUSE Tumbleweed:libfreetype6-2.11.0-1.2.s390x", "openSUSE Tumbleweed:libfreetype6-2.11.0-1.2.x86_64", "openSUSE Tumbleweed:libfreetype6-32bit-2.11.0-1.2.aarch64", "openSUSE Tumbleweed:libfreetype6-32bit-2.11.0-1.2.ppc64le", "openSUSE Tumbleweed:libfreetype6-32bit-2.11.0-1.2.s390x", "openSUSE Tumbleweed:libfreetype6-32bit-2.11.0-1.2.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "important" } ], "title": "CVE-2007-1351" }, { "cve": "CVE-2017-8105", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2017-8105" } ], "notes": [ { "category": "general", "text": "FreeType 2 before 2017-03-24 has an out-of-bounds write caused by a heap-based buffer overflow related to the 
t1_decoder_parse_charstrings function in psaux/t1decode.c.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:freetype2-devel-2.11.0-1.2.aarch64", "openSUSE Tumbleweed:freetype2-devel-2.11.0-1.2.ppc64le", "openSUSE Tumbleweed:freetype2-devel-2.11.0-1.2.s390x", "openSUSE Tumbleweed:freetype2-devel-2.11.0-1.2.x86_64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.11.0-1.2.aarch64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.11.0-1.2.ppc64le", "openSUSE Tumbleweed:freetype2-devel-32bit-2.11.0-1.2.s390x", "openSUSE Tumbleweed:freetype2-devel-32bit-2.11.0-1.2.x86_64", "openSUSE Tumbleweed:freetype2-profile-tti35-2.11.0-1.2.aarch64", "openSUSE Tumbleweed:freetype2-profile-tti35-2.11.0-1.2.ppc64le", "openSUSE Tumbleweed:freetype2-profile-tti35-2.11.0-1.2.s390x", "openSUSE Tumbleweed:freetype2-profile-tti35-2.11.0-1.2.x86_64", "openSUSE Tumbleweed:libfreetype6-2.11.0-1.2.aarch64", "openSUSE Tumbleweed:libfreetype6-2.11.0-1.2.ppc64le", "openSUSE Tumbleweed:libfreetype6-2.11.0-1.2.s390x", "openSUSE Tumbleweed:libfreetype6-2.11.0-1.2.x86_64", "openSUSE Tumbleweed:libfreetype6-32bit-2.11.0-1.2.aarch64", "openSUSE Tumbleweed:libfreetype6-32bit-2.11.0-1.2.ppc64le", "openSUSE Tumbleweed:libfreetype6-32bit-2.11.0-1.2.s390x", "openSUSE Tumbleweed:libfreetype6-32bit-2.11.0-1.2.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2017-8105", "url": "https://www.suse.com/security/cve/CVE-2017-8105" }, { "category": "external", "summary": "SUSE Bug 1034186 for CVE-2017-8105", "url": "https://bugzilla.suse.com/1034186" }, { "category": "external", "summary": "SUSE Bug 1035807 for CVE-2017-8105", "url": "https://bugzilla.suse.com/1035807" }, { "category": "external", "summary": "SUSE Bug 1036457 for CVE-2017-8105", "url": "https://bugzilla.suse.com/1036457" }, { "category": "external", "summary": "SUSE Bug 1079459 for CVE-2017-8105", "url": "https://bugzilla.suse.com/1079459" } ], "remediations": [ { "category": "vendor_fix", 
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:freetype2-devel-2.11.0-1.2.aarch64", "openSUSE Tumbleweed:freetype2-devel-2.11.0-1.2.ppc64le", "openSUSE Tumbleweed:freetype2-devel-2.11.0-1.2.s390x", "openSUSE Tumbleweed:freetype2-devel-2.11.0-1.2.x86_64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.11.0-1.2.aarch64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.11.0-1.2.ppc64le", "openSUSE Tumbleweed:freetype2-devel-32bit-2.11.0-1.2.s390x", "openSUSE Tumbleweed:freetype2-devel-32bit-2.11.0-1.2.x86_64", "openSUSE Tumbleweed:freetype2-profile-tti35-2.11.0-1.2.aarch64", "openSUSE Tumbleweed:freetype2-profile-tti35-2.11.0-1.2.ppc64le", "openSUSE Tumbleweed:freetype2-profile-tti35-2.11.0-1.2.s390x", "openSUSE Tumbleweed:freetype2-profile-tti35-2.11.0-1.2.x86_64", "openSUSE Tumbleweed:libfreetype6-2.11.0-1.2.aarch64", "openSUSE Tumbleweed:libfreetype6-2.11.0-1.2.ppc64le", "openSUSE Tumbleweed:libfreetype6-2.11.0-1.2.s390x", "openSUSE Tumbleweed:libfreetype6-2.11.0-1.2.x86_64", "openSUSE Tumbleweed:libfreetype6-32bit-2.11.0-1.2.aarch64", "openSUSE Tumbleweed:libfreetype6-32bit-2.11.0-1.2.ppc64le", "openSUSE Tumbleweed:libfreetype6-32bit-2.11.0-1.2.s390x", "openSUSE Tumbleweed:libfreetype6-32bit-2.11.0-1.2.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.6, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" }, "products": [ "openSUSE Tumbleweed:freetype2-devel-2.11.0-1.2.aarch64", "openSUSE Tumbleweed:freetype2-devel-2.11.0-1.2.ppc64le", "openSUSE Tumbleweed:freetype2-devel-2.11.0-1.2.s390x", "openSUSE Tumbleweed:freetype2-devel-2.11.0-1.2.x86_64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.11.0-1.2.aarch64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.11.0-1.2.ppc64le", "openSUSE Tumbleweed:freetype2-devel-32bit-2.11.0-1.2.s390x", "openSUSE 
Tumbleweed:freetype2-devel-32bit-2.11.0-1.2.x86_64", "openSUSE Tumbleweed:freetype2-profile-tti35-2.11.0-1.2.aarch64", "openSUSE Tumbleweed:freetype2-profile-tti35-2.11.0-1.2.ppc64le", "openSUSE Tumbleweed:freetype2-profile-tti35-2.11.0-1.2.s390x", "openSUSE Tumbleweed:freetype2-profile-tti35-2.11.0-1.2.x86_64", "openSUSE Tumbleweed:libfreetype6-2.11.0-1.2.aarch64", "openSUSE Tumbleweed:libfreetype6-2.11.0-1.2.ppc64le", "openSUSE Tumbleweed:libfreetype6-2.11.0-1.2.s390x", "openSUSE Tumbleweed:libfreetype6-2.11.0-1.2.x86_64", "openSUSE Tumbleweed:libfreetype6-32bit-2.11.0-1.2.aarch64", "openSUSE Tumbleweed:libfreetype6-32bit-2.11.0-1.2.ppc64le", "openSUSE Tumbleweed:libfreetype6-32bit-2.11.0-1.2.s390x", "openSUSE Tumbleweed:libfreetype6-32bit-2.11.0-1.2.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2017-8105" }, { "cve": "CVE-2018-6942", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2018-6942" } ], "notes": [ { "category": "general", "text": "An issue was discovered in FreeType 2 through 2.9. 
A NULL pointer dereference in the Ins_GETVARIATION() function within ttinterp.c could lead to DoS via a crafted font file.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:freetype2-devel-2.11.0-1.2.aarch64", "openSUSE Tumbleweed:freetype2-devel-2.11.0-1.2.ppc64le", "openSUSE Tumbleweed:freetype2-devel-2.11.0-1.2.s390x", "openSUSE Tumbleweed:freetype2-devel-2.11.0-1.2.x86_64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.11.0-1.2.aarch64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.11.0-1.2.ppc64le", "openSUSE Tumbleweed:freetype2-devel-32bit-2.11.0-1.2.s390x", "openSUSE Tumbleweed:freetype2-devel-32bit-2.11.0-1.2.x86_64", "openSUSE Tumbleweed:freetype2-profile-tti35-2.11.0-1.2.aarch64", "openSUSE Tumbleweed:freetype2-profile-tti35-2.11.0-1.2.ppc64le", "openSUSE Tumbleweed:freetype2-profile-tti35-2.11.0-1.2.s390x", "openSUSE Tumbleweed:freetype2-profile-tti35-2.11.0-1.2.x86_64", "openSUSE Tumbleweed:libfreetype6-2.11.0-1.2.aarch64", "openSUSE Tumbleweed:libfreetype6-2.11.0-1.2.ppc64le", "openSUSE Tumbleweed:libfreetype6-2.11.0-1.2.s390x", "openSUSE Tumbleweed:libfreetype6-2.11.0-1.2.x86_64", "openSUSE Tumbleweed:libfreetype6-32bit-2.11.0-1.2.aarch64", "openSUSE Tumbleweed:libfreetype6-32bit-2.11.0-1.2.ppc64le", "openSUSE Tumbleweed:libfreetype6-32bit-2.11.0-1.2.s390x", "openSUSE Tumbleweed:libfreetype6-32bit-2.11.0-1.2.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2018-6942", "url": "https://www.suse.com/security/cve/CVE-2018-6942" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:freetype2-devel-2.11.0-1.2.aarch64", "openSUSE Tumbleweed:freetype2-devel-2.11.0-1.2.ppc64le", "openSUSE Tumbleweed:freetype2-devel-2.11.0-1.2.s390x", "openSUSE Tumbleweed:freetype2-devel-2.11.0-1.2.x86_64", "openSUSE 
Tumbleweed:freetype2-devel-32bit-2.11.0-1.2.aarch64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.11.0-1.2.ppc64le", "openSUSE Tumbleweed:freetype2-devel-32bit-2.11.0-1.2.s390x", "openSUSE Tumbleweed:freetype2-devel-32bit-2.11.0-1.2.x86_64", "openSUSE Tumbleweed:freetype2-profile-tti35-2.11.0-1.2.aarch64", "openSUSE Tumbleweed:freetype2-profile-tti35-2.11.0-1.2.ppc64le", "openSUSE Tumbleweed:freetype2-profile-tti35-2.11.0-1.2.s390x", "openSUSE Tumbleweed:freetype2-profile-tti35-2.11.0-1.2.x86_64", "openSUSE Tumbleweed:libfreetype6-2.11.0-1.2.aarch64", "openSUSE Tumbleweed:libfreetype6-2.11.0-1.2.ppc64le", "openSUSE Tumbleweed:libfreetype6-2.11.0-1.2.s390x", "openSUSE Tumbleweed:libfreetype6-2.11.0-1.2.x86_64", "openSUSE Tumbleweed:libfreetype6-32bit-2.11.0-1.2.aarch64", "openSUSE Tumbleweed:libfreetype6-32bit-2.11.0-1.2.ppc64le", "openSUSE Tumbleweed:libfreetype6-32bit-2.11.0-1.2.s390x", "openSUSE Tumbleweed:libfreetype6-32bit-2.11.0-1.2.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "openSUSE Tumbleweed:freetype2-devel-2.11.0-1.2.aarch64", "openSUSE Tumbleweed:freetype2-devel-2.11.0-1.2.ppc64le", "openSUSE Tumbleweed:freetype2-devel-2.11.0-1.2.s390x", "openSUSE Tumbleweed:freetype2-devel-2.11.0-1.2.x86_64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.11.0-1.2.aarch64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.11.0-1.2.ppc64le", "openSUSE Tumbleweed:freetype2-devel-32bit-2.11.0-1.2.s390x", "openSUSE Tumbleweed:freetype2-devel-32bit-2.11.0-1.2.x86_64", "openSUSE Tumbleweed:freetype2-profile-tti35-2.11.0-1.2.aarch64", "openSUSE Tumbleweed:freetype2-profile-tti35-2.11.0-1.2.ppc64le", "openSUSE Tumbleweed:freetype2-profile-tti35-2.11.0-1.2.s390x", "openSUSE Tumbleweed:freetype2-profile-tti35-2.11.0-1.2.x86_64", "openSUSE Tumbleweed:libfreetype6-2.11.0-1.2.aarch64", "openSUSE Tumbleweed:libfreetype6-2.11.0-1.2.ppc64le", "openSUSE 
Tumbleweed:libfreetype6-2.11.0-1.2.s390x", "openSUSE Tumbleweed:libfreetype6-2.11.0-1.2.x86_64", "openSUSE Tumbleweed:libfreetype6-32bit-2.11.0-1.2.aarch64", "openSUSE Tumbleweed:libfreetype6-32bit-2.11.0-1.2.ppc64le", "openSUSE Tumbleweed:libfreetype6-32bit-2.11.0-1.2.s390x", "openSUSE Tumbleweed:libfreetype6-32bit-2.11.0-1.2.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2018-6942" }, { "cve": "CVE-2020-15999", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2020-15999" } ], "notes": [ { "category": "general", "text": "Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:freetype2-devel-2.11.0-1.2.aarch64", "openSUSE Tumbleweed:freetype2-devel-2.11.0-1.2.ppc64le", "openSUSE Tumbleweed:freetype2-devel-2.11.0-1.2.s390x", "openSUSE Tumbleweed:freetype2-devel-2.11.0-1.2.x86_64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.11.0-1.2.aarch64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.11.0-1.2.ppc64le", "openSUSE Tumbleweed:freetype2-devel-32bit-2.11.0-1.2.s390x", "openSUSE Tumbleweed:freetype2-devel-32bit-2.11.0-1.2.x86_64", "openSUSE Tumbleweed:freetype2-profile-tti35-2.11.0-1.2.aarch64", "openSUSE Tumbleweed:freetype2-profile-tti35-2.11.0-1.2.ppc64le", "openSUSE Tumbleweed:freetype2-profile-tti35-2.11.0-1.2.s390x", "openSUSE Tumbleweed:freetype2-profile-tti35-2.11.0-1.2.x86_64", "openSUSE Tumbleweed:libfreetype6-2.11.0-1.2.aarch64", "openSUSE Tumbleweed:libfreetype6-2.11.0-1.2.ppc64le", "openSUSE Tumbleweed:libfreetype6-2.11.0-1.2.s390x", "openSUSE Tumbleweed:libfreetype6-2.11.0-1.2.x86_64", "openSUSE Tumbleweed:libfreetype6-32bit-2.11.0-1.2.aarch64", "openSUSE Tumbleweed:libfreetype6-32bit-2.11.0-1.2.ppc64le", "openSUSE 
Tumbleweed:libfreetype6-32bit-2.11.0-1.2.s390x", "openSUSE Tumbleweed:libfreetype6-32bit-2.11.0-1.2.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2020-15999", "url": "https://www.suse.com/security/cve/CVE-2020-15999" }, { "category": "external", "summary": "SUSE Bug 1177914 for CVE-2020-15999", "url": "https://bugzilla.suse.com/1177914" }, { "category": "external", "summary": "SUSE Bug 1177936 for CVE-2020-15999", "url": "https://bugzilla.suse.com/1177936" }, { "category": "external", "summary": "SUSE Bug 1178824 for CVE-2020-15999", "url": "https://bugzilla.suse.com/1178824" }, { "category": "external", "summary": "SUSE Bug 1178894 for CVE-2020-15999", "url": "https://bugzilla.suse.com/1178894" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:freetype2-devel-2.11.0-1.2.aarch64", "openSUSE Tumbleweed:freetype2-devel-2.11.0-1.2.ppc64le", "openSUSE Tumbleweed:freetype2-devel-2.11.0-1.2.s390x", "openSUSE Tumbleweed:freetype2-devel-2.11.0-1.2.x86_64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.11.0-1.2.aarch64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.11.0-1.2.ppc64le", "openSUSE Tumbleweed:freetype2-devel-32bit-2.11.0-1.2.s390x", "openSUSE Tumbleweed:freetype2-devel-32bit-2.11.0-1.2.x86_64", "openSUSE Tumbleweed:freetype2-profile-tti35-2.11.0-1.2.aarch64", "openSUSE Tumbleweed:freetype2-profile-tti35-2.11.0-1.2.ppc64le", "openSUSE Tumbleweed:freetype2-profile-tti35-2.11.0-1.2.s390x", "openSUSE Tumbleweed:freetype2-profile-tti35-2.11.0-1.2.x86_64", "openSUSE Tumbleweed:libfreetype6-2.11.0-1.2.aarch64", "openSUSE Tumbleweed:libfreetype6-2.11.0-1.2.ppc64le", "openSUSE Tumbleweed:libfreetype6-2.11.0-1.2.s390x", "openSUSE Tumbleweed:libfreetype6-2.11.0-1.2.x86_64", "openSUSE Tumbleweed:libfreetype6-32bit-2.11.0-1.2.aarch64", "openSUSE 
Tumbleweed:libfreetype6-32bit-2.11.0-1.2.ppc64le", "openSUSE Tumbleweed:libfreetype6-32bit-2.11.0-1.2.s390x", "openSUSE Tumbleweed:libfreetype6-32bit-2.11.0-1.2.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 8.1, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "openSUSE Tumbleweed:freetype2-devel-2.11.0-1.2.aarch64", "openSUSE Tumbleweed:freetype2-devel-2.11.0-1.2.ppc64le", "openSUSE Tumbleweed:freetype2-devel-2.11.0-1.2.s390x", "openSUSE Tumbleweed:freetype2-devel-2.11.0-1.2.x86_64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.11.0-1.2.aarch64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.11.0-1.2.ppc64le", "openSUSE Tumbleweed:freetype2-devel-32bit-2.11.0-1.2.s390x", "openSUSE Tumbleweed:freetype2-devel-32bit-2.11.0-1.2.x86_64", "openSUSE Tumbleweed:freetype2-profile-tti35-2.11.0-1.2.aarch64", "openSUSE Tumbleweed:freetype2-profile-tti35-2.11.0-1.2.ppc64le", "openSUSE Tumbleweed:freetype2-profile-tti35-2.11.0-1.2.s390x", "openSUSE Tumbleweed:freetype2-profile-tti35-2.11.0-1.2.x86_64", "openSUSE Tumbleweed:libfreetype6-2.11.0-1.2.aarch64", "openSUSE Tumbleweed:libfreetype6-2.11.0-1.2.ppc64le", "openSUSE Tumbleweed:libfreetype6-2.11.0-1.2.s390x", "openSUSE Tumbleweed:libfreetype6-2.11.0-1.2.x86_64", "openSUSE Tumbleweed:libfreetype6-32bit-2.11.0-1.2.aarch64", "openSUSE Tumbleweed:libfreetype6-32bit-2.11.0-1.2.ppc64le", "openSUSE Tumbleweed:libfreetype6-32bit-2.11.0-1.2.s390x", "openSUSE Tumbleweed:libfreetype6-32bit-2.11.0-1.2.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "important" } ], "title": "CVE-2020-15999" } ] }
ghsa-pjfg-6mwr-j367
Vulnerability from github
An issue was discovered in FreeType 2 through 2.9. A NULL pointer dereference in the Ins_GETVARIATION() function within ttinterp.c could lead to DoS via a crafted font file.
{ "affected": [], "aliases": [ "CVE-2018-6942" ], "database_specific": { "cwe_ids": [ "CWE-476" ], "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2018-02-13T05:29:00Z", "severity": "MODERATE" }, "details": "An issue was discovered in FreeType 2 through 2.9. A NULL pointer dereference in the Ins_GETVARIATION() function within ttinterp.c could lead to DoS via a crafted font file.", "id": "GHSA-pjfg-6mwr-j367", "modified": "2022-05-13T01:12:00Z", "published": "2022-05-13T01:12:00Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6942" }, { "type": "WEB", "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5736" }, { "type": "WEB", "url": "https://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=29c759284e305ec428703c9a5831d0b1fc3497ef" }, { "type": "WEB", "url": "https://usn.ubuntu.com/3572-1" }, { "type": "WEB", "url": "https://www.oracle.com/security-alerts/cpuapr2020.html" }, { "type": "WEB", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00054.html" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "type": "CVSS_V3" } ] }
suse-su-2020:1353-1
Vulnerability from csaf_suse
Notes
{ "document": { "aggregate_severity": { "namespace": "https://www.suse.com/support/security/rating/", "text": "moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright 2024 SUSE LLC. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Security update for freetype2", "title": "Title of the patch" }, { "category": "description", "text": "This update for freetype2 to version 2.10.1 fixes the following issues:\n\nSecurity issue fixed:\n\n- CVE-2018-6942: Fixed a NULL pointer dereference within ttinerp.c (bsc#1079603).\n\nNon-security issues fixed:\n\n- Update to version 2.10.1\n * The bytecode hinting of OpenType variation fonts was flawed, since\n the data in the `CVAR\u0027 table wasn\u0027t correctly applied.\n * Auto-hinter support for Mongolian.\n * The handling of the default character in PCF fonts as introduced\n in version 2.10.0 was partially broken, causing premature abortion\n of charmap iteration for many fonts.\n * If `FT_Set_Named_Instance\u0027 was called with the same arguments\n twice in a row, the function returned an incorrect error code the\n second time.\n * Direct rendering using FT_RASTER_FLAG_DIRECT crashed (bug\n introduced in version 2.10.0).\n * Increased precision while computing OpenType font variation\n instances.\n * The flattening algorithm of cubic Bezier curves was slightly\n changed to make it faster. 
This can cause very subtle rendering\n changes, which aren\u0027t noticeable by the eye, however.\n * The auto-hinter now disables hinting if there are blue zones\n defined for a `style\u0027 (i.e., a certain combination of a script and\n its related typographic features) but the font doesn\u0027t contain any\n characters needed to set up at least one blue zone.\n- Add tarball signatures and freetype2.keyring\n\n- Update to version 2.10.0\n * A bunch of new functions has been added to access and process\n COLR/CPAL data of OpenType fonts with color-layered glyphs.\n * As a GSoC 2018 project, Nikhil Ramakrishnan completely\n overhauled and modernized the API reference.\n * The logic for computing the global ascender, descender, and\n height of OpenType fonts has been slightly adjusted for\n consistency.\n * `TT_Set_MM_Blend\u0027 could fail if called repeatedly with the same\n arguments.\n * The precision of handling deltas in Variation Fonts has been\n increased.The problem did only show up with multidimensional\n designspaces.\n * New function `FT_Library_SetLcdGeometry\u0027 to set up the geometry\n of LCD subpixels.\n * FreeType now uses the `defaultChar\u0027 property of PCF fonts to set\n the glyph for the undefined character at glyph index 0 (as\n FreeType already does for all other supported font formats). 
As\n a consequence, the order of glyphs of a PCF font if accessed\n with FreeType can be different now compared to previous\n versions.\n This change doesn\u0027t affect PCF font access with cmaps.\n * `FT_Select_Charmap\u0027 has been changed to allow parameter value\n `FT_ENCODING_NONE\u0027, which is valid for BDF, PCF, and Windows FNT\n formats to access built-in cmaps that don\u0027t have a predefined\n `FT_Encoding\u0027 value.\n * A previously reserved field in the `FT_GlyphSlotRec\u0027 structure\n now holds the glyph index.\n * The usual round of fuzzer bug fixes to better reject malformed\n fonts.\n * `FT_Outline_New_Internal\u0027 and `FT_Outline_Done_Internal\u0027 have\n been removed.These two functions were public by oversight only\n and were never documented.\n * A new function `FT_Error_String\u0027 returns descriptions of error\n codes if configuration macro FT_CONFIG_OPTION_ERROR_STRINGS is\n defined.\n * `FT_Set_MM_WeightVector\u0027 and `FT_Get_MM_WeightVector\u0027 are new\n functions limited to Adobe MultiMaster fonts to directly set and\n get the weight vector.\n\n- Enable subpixel rendering with infinality config:\n\n- Re-enable freetype-config, there is just too many fallouts. 
\n\n- Update to version 2.9.1\n * Type 1 fonts containing flex features were not rendered\n correctly (bug introduced in version 2.9).\n * CVE-2018-6942: Older FreeType versions can crash with certain\n malformed variation fonts.\n * Bug fix: Multiple calls to `FT_Get_MM_Var\u0027 returned garbage.\n * Emboldening of bitmaps didn\u0027t work correctly sometimes, showing\n various artifacts (bug introduced in version 2.8.1).\n * The auto-hinter script ranges have been updated for Unicode 11.\n No support for new scripts have been added, however, with the\n exception of Georgian Mtavruli.\n- freetype-config is now deprecated by upstream and not enabled\n by default.\n\n- Update to version 2.10.1\n * The `ftmulti\u0027 demo program now supports multiple hidden axes with\n the same name tag.\n * `ftview\u0027, `ftstring\u0027, and `ftgrid\u0027 got a `-k\u0027 command line option\n to emulate a sequence of keystrokes at start-up.\n * `ftview\u0027, `ftstring\u0027, and `ftgrid\u0027 now support screen dumping to a\n PNG file.\n * The bytecode debugger, `ttdebug\u0027, now supports variation TrueType\n fonts; a variation font instance can be selected with the new `-d\u0027\n command line option.\n- Add tarball signatures and freetype2.keyring\n\n- Update to version 2.10.0\n * The `ftdump\u0027 demo program has new options `-c\u0027 and `-C\u0027 to\n display charmaps in compact and detailed format, respectively.\n Option `-V\u0027 has been removed.\n * The `ftview\u0027, `ftstring\u0027, and `ftgrid\u0027 demo programs use a new\n command line option `-d\u0027 to specify the program window\u0027s width,\n height, and color depth.\n * The `ftview\u0027 demo program now displays red boxes for zero-width\n glyphs.\n * `ftglyph\u0027 has limited support to display fonts with\n color-layered glyphs.This will be improved later on.\n * `ftgrid\u0027 can now display bitmap fonts also.\n * The `ttdebug\u0027 demo program has a new option `-f\u0027 to select a\n member of a 
TrueType collection (TTC).\n * Other various improvements to the demo programs.\n\n- Remove \u0027Supplements: fonts-config\u0027 to avoid accidentally pulling\n in Qt dependencies on some non-Qt based desktops.(bsc#1091109)\n fonts-config is fundamental but ft2demos seldom installs by end users.\n only fonts-config maintainers/debuggers may use ft2demos along to\n debug some issues. \n\n- Update to version 2.9.1\n * No changelog upstream.\n", "title": "Description of the patch" }, { "category": "details", "text": "SUSE-2020-1353,SUSE-SLE-Module-Basesystem-15-SP1-2020-1353", "title": "Patchnames" }, { "category": "legal_disclaimer", "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", "title": "Terms of use" } ], "publisher": { "category": "vendor", "contact_details": "https://www.suse.com/support/security/contact/", "name": "SUSE Product Security Team", "namespace": "https://www.suse.com/" }, "references": [ { "category": "external", "summary": "SUSE ratings", "url": "https://www.suse.com/support/security/rating/" }, { "category": "self", "summary": "URL of this CSAF notice", "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2020_1353-1.json" }, { "category": "self", "summary": "URL for SUSE-SU-2020:1353-1", "url": "https://www.suse.com/support/update/announcement/2020/suse-su-20201353-1/" }, { "category": "self", "summary": "E-Mail link for SUSE-SU-2020:1353-1", "url": "https://lists.suse.com/pipermail/sle-security-updates/2020-May/006839.html" }, { "category": "self", "summary": "SUSE Bug 1079603", "url": "https://bugzilla.suse.com/1079603" }, { "category": "self", "summary": "SUSE Bug 1091109", "url": "https://bugzilla.suse.com/1091109" }, { "category": "self", "summary": "SUSE CVE CVE-2018-6942 page", "url": "https://www.suse.com/security/cve/CVE-2018-6942/" } ], "title": "Security update for freetype2", "tracking": { "current_release_date": "2020-05-20T11:02:36Z", "generator": { 
"date": "2020-05-20T11:02:36Z", "engine": { "name": "cve-database.git:bin/generate-csaf.pl", "version": "1" } }, "id": "SUSE-SU-2020:1353-1", "initial_release_date": "2020-05-20T11:02:36Z", "revision_history": [ { "date": "2020-05-20T11:02:36Z", "number": "1", "summary": "Current version" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version", "name": "freetype2-devel-2.10.1-4.3.1.aarch64", "product": { "name": "freetype2-devel-2.10.1-4.3.1.aarch64", "product_id": "freetype2-devel-2.10.1-4.3.1.aarch64" } }, { "category": "product_version", "name": "ft2demos-2.10.1-4.3.1.aarch64", "product": { "name": "ft2demos-2.10.1-4.3.1.aarch64", "product_id": "ft2demos-2.10.1-4.3.1.aarch64" } }, { "category": "product_version", "name": "ftbench-2.10.1-4.3.1.aarch64", "product": { "name": "ftbench-2.10.1-4.3.1.aarch64", "product_id": "ftbench-2.10.1-4.3.1.aarch64" } }, { "category": "product_version", "name": "ftdiff-2.10.1-4.3.1.aarch64", "product": { "name": "ftdiff-2.10.1-4.3.1.aarch64", "product_id": "ftdiff-2.10.1-4.3.1.aarch64" } }, { "category": "product_version", "name": "ftdump-2.10.1-4.3.1.aarch64", "product": { "name": "ftdump-2.10.1-4.3.1.aarch64", "product_id": "ftdump-2.10.1-4.3.1.aarch64" } }, { "category": "product_version", "name": "ftgamma-2.10.1-4.3.1.aarch64", "product": { "name": "ftgamma-2.10.1-4.3.1.aarch64", "product_id": "ftgamma-2.10.1-4.3.1.aarch64" } }, { "category": "product_version", "name": "ftgrid-2.10.1-4.3.1.aarch64", "product": { "name": "ftgrid-2.10.1-4.3.1.aarch64", "product_id": "ftgrid-2.10.1-4.3.1.aarch64" } }, { "category": "product_version", "name": "ftinspect-2.10.1-4.3.1.aarch64", "product": { "name": "ftinspect-2.10.1-4.3.1.aarch64", "product_id": "ftinspect-2.10.1-4.3.1.aarch64" } }, { "category": "product_version", "name": "ftlint-2.10.1-4.3.1.aarch64", "product": { "name": "ftlint-2.10.1-4.3.1.aarch64", "product_id": "ftlint-2.10.1-4.3.1.aarch64" } 
}, { "category": "product_version", "name": "ftmulti-2.10.1-4.3.1.aarch64", "product": { "name": "ftmulti-2.10.1-4.3.1.aarch64", "product_id": "ftmulti-2.10.1-4.3.1.aarch64" } }, { "category": "product_version", "name": "ftstring-2.10.1-4.3.1.aarch64", "product": { "name": "ftstring-2.10.1-4.3.1.aarch64", "product_id": "ftstring-2.10.1-4.3.1.aarch64" } }, { "category": "product_version", "name": "ftvalid-2.10.1-4.3.1.aarch64", "product": { "name": "ftvalid-2.10.1-4.3.1.aarch64", "product_id": "ftvalid-2.10.1-4.3.1.aarch64" } }, { "category": "product_version", "name": "ftview-2.10.1-4.3.1.aarch64", "product": { "name": "ftview-2.10.1-4.3.1.aarch64", "product_id": "ftview-2.10.1-4.3.1.aarch64" } }, { "category": "product_version", "name": "libfreetype6-2.10.1-4.3.1.aarch64", "product": { "name": "libfreetype6-2.10.1-4.3.1.aarch64", "product_id": "libfreetype6-2.10.1-4.3.1.aarch64" } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "freetype2-devel-64bit-2.10.1-4.3.1.aarch64_ilp32", "product": { "name": "freetype2-devel-64bit-2.10.1-4.3.1.aarch64_ilp32", "product_id": "freetype2-devel-64bit-2.10.1-4.3.1.aarch64_ilp32" } }, { "category": "product_version", "name": "libfreetype6-64bit-2.10.1-4.3.1.aarch64_ilp32", "product": { "name": "libfreetype6-64bit-2.10.1-4.3.1.aarch64_ilp32", "product_id": "libfreetype6-64bit-2.10.1-4.3.1.aarch64_ilp32" } } ], "category": "architecture", "name": "aarch64_ilp32" }, { "branches": [ { "category": "product_version", "name": "freetype2-devel-2.10.1-4.3.1.i586", "product": { "name": "freetype2-devel-2.10.1-4.3.1.i586", "product_id": "freetype2-devel-2.10.1-4.3.1.i586" } }, { "category": "product_version", "name": "ft2demos-2.10.1-4.3.1.i586", "product": { "name": "ft2demos-2.10.1-4.3.1.i586", "product_id": "ft2demos-2.10.1-4.3.1.i586" } }, { "category": "product_version", "name": "ftbench-2.10.1-4.3.1.i586", "product": { "name": "ftbench-2.10.1-4.3.1.i586", "product_id": 
"ftbench-2.10.1-4.3.1.i586" } }, { "category": "product_version", "name": "ftdiff-2.10.1-4.3.1.i586", "product": { "name": "ftdiff-2.10.1-4.3.1.i586", "product_id": "ftdiff-2.10.1-4.3.1.i586" } }, { "category": "product_version", "name": "ftdump-2.10.1-4.3.1.i586", "product": { "name": "ftdump-2.10.1-4.3.1.i586", "product_id": "ftdump-2.10.1-4.3.1.i586" } }, { "category": "product_version", "name": "ftgamma-2.10.1-4.3.1.i586", "product": { "name": "ftgamma-2.10.1-4.3.1.i586", "product_id": "ftgamma-2.10.1-4.3.1.i586" } }, { "category": "product_version", "name": "ftgrid-2.10.1-4.3.1.i586", "product": { "name": "ftgrid-2.10.1-4.3.1.i586", "product_id": "ftgrid-2.10.1-4.3.1.i586" } }, { "category": "product_version", "name": "ftinspect-2.10.1-4.3.1.i586", "product": { "name": "ftinspect-2.10.1-4.3.1.i586", "product_id": "ftinspect-2.10.1-4.3.1.i586" } }, { "category": "product_version", "name": "ftlint-2.10.1-4.3.1.i586", "product": { "name": "ftlint-2.10.1-4.3.1.i586", "product_id": "ftlint-2.10.1-4.3.1.i586" } }, { "category": "product_version", "name": "ftmulti-2.10.1-4.3.1.i586", "product": { "name": "ftmulti-2.10.1-4.3.1.i586", "product_id": "ftmulti-2.10.1-4.3.1.i586" } }, { "category": "product_version", "name": "ftstring-2.10.1-4.3.1.i586", "product": { "name": "ftstring-2.10.1-4.3.1.i586", "product_id": "ftstring-2.10.1-4.3.1.i586" } }, { "category": "product_version", "name": "ftvalid-2.10.1-4.3.1.i586", "product": { "name": "ftvalid-2.10.1-4.3.1.i586", "product_id": "ftvalid-2.10.1-4.3.1.i586" } }, { "category": "product_version", "name": "ftview-2.10.1-4.3.1.i586", "product": { "name": "ftview-2.10.1-4.3.1.i586", "product_id": "ftview-2.10.1-4.3.1.i586" } }, { "category": "product_version", "name": "libfreetype6-2.10.1-4.3.1.i586", "product": { "name": "libfreetype6-2.10.1-4.3.1.i586", "product_id": "libfreetype6-2.10.1-4.3.1.i586" } } ], "category": "architecture", "name": "i586" }, { "branches": [ { "category": "product_version", "name": 
"freetype2-profile-tti35-2.10.1-4.3.1.noarch", "product": { "name": "freetype2-profile-tti35-2.10.1-4.3.1.noarch", "product_id": "freetype2-profile-tti35-2.10.1-4.3.1.noarch" } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "freetype2-devel-2.10.1-4.3.1.ppc64le", "product": { "name": "freetype2-devel-2.10.1-4.3.1.ppc64le", "product_id": "freetype2-devel-2.10.1-4.3.1.ppc64le" } }, { "category": "product_version", "name": "ft2demos-2.10.1-4.3.1.ppc64le", "product": { "name": "ft2demos-2.10.1-4.3.1.ppc64le", "product_id": "ft2demos-2.10.1-4.3.1.ppc64le" } }, { "category": "product_version", "name": "ftbench-2.10.1-4.3.1.ppc64le", "product": { "name": "ftbench-2.10.1-4.3.1.ppc64le", "product_id": "ftbench-2.10.1-4.3.1.ppc64le" } }, { "category": "product_version", "name": "ftdiff-2.10.1-4.3.1.ppc64le", "product": { "name": "ftdiff-2.10.1-4.3.1.ppc64le", "product_id": "ftdiff-2.10.1-4.3.1.ppc64le" } }, { "category": "product_version", "name": "ftdump-2.10.1-4.3.1.ppc64le", "product": { "name": "ftdump-2.10.1-4.3.1.ppc64le", "product_id": "ftdump-2.10.1-4.3.1.ppc64le" } }, { "category": "product_version", "name": "ftgamma-2.10.1-4.3.1.ppc64le", "product": { "name": "ftgamma-2.10.1-4.3.1.ppc64le", "product_id": "ftgamma-2.10.1-4.3.1.ppc64le" } }, { "category": "product_version", "name": "ftgrid-2.10.1-4.3.1.ppc64le", "product": { "name": "ftgrid-2.10.1-4.3.1.ppc64le", "product_id": "ftgrid-2.10.1-4.3.1.ppc64le" } }, { "category": "product_version", "name": "ftinspect-2.10.1-4.3.1.ppc64le", "product": { "name": "ftinspect-2.10.1-4.3.1.ppc64le", "product_id": "ftinspect-2.10.1-4.3.1.ppc64le" } }, { "category": "product_version", "name": "ftlint-2.10.1-4.3.1.ppc64le", "product": { "name": "ftlint-2.10.1-4.3.1.ppc64le", "product_id": "ftlint-2.10.1-4.3.1.ppc64le" } }, { "category": "product_version", "name": "ftmulti-2.10.1-4.3.1.ppc64le", "product": { "name": "ftmulti-2.10.1-4.3.1.ppc64le", "product_id": 
"ftmulti-2.10.1-4.3.1.ppc64le" } }, { "category": "product_version", "name": "ftstring-2.10.1-4.3.1.ppc64le", "product": { "name": "ftstring-2.10.1-4.3.1.ppc64le", "product_id": "ftstring-2.10.1-4.3.1.ppc64le" } }, { "category": "product_version", "name": "ftvalid-2.10.1-4.3.1.ppc64le", "product": { "name": "ftvalid-2.10.1-4.3.1.ppc64le", "product_id": "ftvalid-2.10.1-4.3.1.ppc64le" } }, { "category": "product_version", "name": "ftview-2.10.1-4.3.1.ppc64le", "product": { "name": "ftview-2.10.1-4.3.1.ppc64le", "product_id": "ftview-2.10.1-4.3.1.ppc64le" } }, { "category": "product_version", "name": "libfreetype6-2.10.1-4.3.1.ppc64le", "product": { "name": "libfreetype6-2.10.1-4.3.1.ppc64le", "product_id": "libfreetype6-2.10.1-4.3.1.ppc64le" } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "freetype2-devel-2.10.1-4.3.1.s390x", "product": { "name": "freetype2-devel-2.10.1-4.3.1.s390x", "product_id": "freetype2-devel-2.10.1-4.3.1.s390x" } }, { "category": "product_version", "name": "ft2demos-2.10.1-4.3.1.s390x", "product": { "name": "ft2demos-2.10.1-4.3.1.s390x", "product_id": "ft2demos-2.10.1-4.3.1.s390x" } }, { "category": "product_version", "name": "ftbench-2.10.1-4.3.1.s390x", "product": { "name": "ftbench-2.10.1-4.3.1.s390x", "product_id": "ftbench-2.10.1-4.3.1.s390x" } }, { "category": "product_version", "name": "ftdiff-2.10.1-4.3.1.s390x", "product": { "name": "ftdiff-2.10.1-4.3.1.s390x", "product_id": "ftdiff-2.10.1-4.3.1.s390x" } }, { "category": "product_version", "name": "ftdump-2.10.1-4.3.1.s390x", "product": { "name": "ftdump-2.10.1-4.3.1.s390x", "product_id": "ftdump-2.10.1-4.3.1.s390x" } }, { "category": "product_version", "name": "ftgamma-2.10.1-4.3.1.s390x", "product": { "name": "ftgamma-2.10.1-4.3.1.s390x", "product_id": "ftgamma-2.10.1-4.3.1.s390x" } }, { "category": "product_version", "name": "ftgrid-2.10.1-4.3.1.s390x", "product": { "name": "ftgrid-2.10.1-4.3.1.s390x", "product_id": 
"ftgrid-2.10.1-4.3.1.s390x" } }, { "category": "product_version", "name": "ftinspect-2.10.1-4.3.1.s390x", "product": { "name": "ftinspect-2.10.1-4.3.1.s390x", "product_id": "ftinspect-2.10.1-4.3.1.s390x" } }, { "category": "product_version", "name": "ftlint-2.10.1-4.3.1.s390x", "product": { "name": "ftlint-2.10.1-4.3.1.s390x", "product_id": "ftlint-2.10.1-4.3.1.s390x" } }, { "category": "product_version", "name": "ftmulti-2.10.1-4.3.1.s390x", "product": { "name": "ftmulti-2.10.1-4.3.1.s390x", "product_id": "ftmulti-2.10.1-4.3.1.s390x" } }, { "category": "product_version", "name": "ftstring-2.10.1-4.3.1.s390x", "product": { "name": "ftstring-2.10.1-4.3.1.s390x", "product_id": "ftstring-2.10.1-4.3.1.s390x" } }, { "category": "product_version", "name": "ftvalid-2.10.1-4.3.1.s390x", "product": { "name": "ftvalid-2.10.1-4.3.1.s390x", "product_id": "ftvalid-2.10.1-4.3.1.s390x" } }, { "category": "product_version", "name": "ftview-2.10.1-4.3.1.s390x", "product": { "name": "ftview-2.10.1-4.3.1.s390x", "product_id": "ftview-2.10.1-4.3.1.s390x" } }, { "category": "product_version", "name": "libfreetype6-2.10.1-4.3.1.s390x", "product": { "name": "libfreetype6-2.10.1-4.3.1.s390x", "product_id": "libfreetype6-2.10.1-4.3.1.s390x" } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "freetype2-devel-2.10.1-4.3.1.x86_64", "product": { "name": "freetype2-devel-2.10.1-4.3.1.x86_64", "product_id": "freetype2-devel-2.10.1-4.3.1.x86_64" } }, { "category": "product_version", "name": "freetype2-devel-32bit-2.10.1-4.3.1.x86_64", "product": { "name": "freetype2-devel-32bit-2.10.1-4.3.1.x86_64", "product_id": "freetype2-devel-32bit-2.10.1-4.3.1.x86_64" } }, { "category": "product_version", "name": "ft2demos-2.10.1-4.3.1.x86_64", "product": { "name": "ft2demos-2.10.1-4.3.1.x86_64", "product_id": "ft2demos-2.10.1-4.3.1.x86_64" } }, { "category": "product_version", "name": "ftbench-2.10.1-4.3.1.x86_64", "product": { "name": 
"ftbench-2.10.1-4.3.1.x86_64", "product_id": "ftbench-2.10.1-4.3.1.x86_64" } }, { "category": "product_version", "name": "ftdiff-2.10.1-4.3.1.x86_64", "product": { "name": "ftdiff-2.10.1-4.3.1.x86_64", "product_id": "ftdiff-2.10.1-4.3.1.x86_64" } }, { "category": "product_version", "name": "ftdump-2.10.1-4.3.1.x86_64", "product": { "name": "ftdump-2.10.1-4.3.1.x86_64", "product_id": "ftdump-2.10.1-4.3.1.x86_64" } }, { "category": "product_version", "name": "ftgamma-2.10.1-4.3.1.x86_64", "product": { "name": "ftgamma-2.10.1-4.3.1.x86_64", "product_id": "ftgamma-2.10.1-4.3.1.x86_64" } }, { "category": "product_version", "name": "ftgrid-2.10.1-4.3.1.x86_64", "product": { "name": "ftgrid-2.10.1-4.3.1.x86_64", "product_id": "ftgrid-2.10.1-4.3.1.x86_64" } }, { "category": "product_version", "name": "ftinspect-2.10.1-4.3.1.x86_64", "product": { "name": "ftinspect-2.10.1-4.3.1.x86_64", "product_id": "ftinspect-2.10.1-4.3.1.x86_64" } }, { "category": "product_version", "name": "ftlint-2.10.1-4.3.1.x86_64", "product": { "name": "ftlint-2.10.1-4.3.1.x86_64", "product_id": "ftlint-2.10.1-4.3.1.x86_64" } }, { "category": "product_version", "name": "ftmulti-2.10.1-4.3.1.x86_64", "product": { "name": "ftmulti-2.10.1-4.3.1.x86_64", "product_id": "ftmulti-2.10.1-4.3.1.x86_64" } }, { "category": "product_version", "name": "ftstring-2.10.1-4.3.1.x86_64", "product": { "name": "ftstring-2.10.1-4.3.1.x86_64", "product_id": "ftstring-2.10.1-4.3.1.x86_64" } }, { "category": "product_version", "name": "ftvalid-2.10.1-4.3.1.x86_64", "product": { "name": "ftvalid-2.10.1-4.3.1.x86_64", "product_id": "ftvalid-2.10.1-4.3.1.x86_64" } }, { "category": "product_version", "name": "ftview-2.10.1-4.3.1.x86_64", "product": { "name": "ftview-2.10.1-4.3.1.x86_64", "product_id": "ftview-2.10.1-4.3.1.x86_64" } }, { "category": "product_version", "name": "libfreetype6-2.10.1-4.3.1.x86_64", "product": { "name": "libfreetype6-2.10.1-4.3.1.x86_64", "product_id": "libfreetype6-2.10.1-4.3.1.x86_64" } }, { 
"category": "product_version", "name": "libfreetype6-32bit-2.10.1-4.3.1.x86_64", "product": { "name": "libfreetype6-32bit-2.10.1-4.3.1.x86_64", "product_id": "libfreetype6-32bit-2.10.1-4.3.1.x86_64" } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_name", "name": "SUSE Linux Enterprise Module for Basesystem 15 SP1", "product": { "name": "SUSE Linux Enterprise Module for Basesystem 15 SP1", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1", "product_identification_helper": { "cpe": "cpe:/o:suse:sle-module-basesystem:15:sp1" } } } ], "category": "product_family", "name": "SUSE Linux Enterprise" } ], "category": "vendor", "name": "SUSE" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "freetype2-devel-2.10.1-4.3.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP1", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:freetype2-devel-2.10.1-4.3.1.aarch64" }, "product_reference": "freetype2-devel-2.10.1-4.3.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1" }, { "category": "default_component_of", "full_product_name": { "name": "freetype2-devel-2.10.1-4.3.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP1", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:freetype2-devel-2.10.1-4.3.1.ppc64le" }, "product_reference": "freetype2-devel-2.10.1-4.3.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1" }, { "category": "default_component_of", "full_product_name": { "name": "freetype2-devel-2.10.1-4.3.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP1", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:freetype2-devel-2.10.1-4.3.1.s390x" }, "product_reference": "freetype2-devel-2.10.1-4.3.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Module for 
Basesystem 15 SP1" }, { "category": "default_component_of", "full_product_name": { "name": "freetype2-devel-2.10.1-4.3.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP1", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:freetype2-devel-2.10.1-4.3.1.x86_64" }, "product_reference": "freetype2-devel-2.10.1-4.3.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1" }, { "category": "default_component_of", "full_product_name": { "name": "libfreetype6-2.10.1-4.3.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP1", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreetype6-2.10.1-4.3.1.aarch64" }, "product_reference": "libfreetype6-2.10.1-4.3.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1" }, { "category": "default_component_of", "full_product_name": { "name": "libfreetype6-2.10.1-4.3.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP1", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreetype6-2.10.1-4.3.1.ppc64le" }, "product_reference": "libfreetype6-2.10.1-4.3.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1" }, { "category": "default_component_of", "full_product_name": { "name": "libfreetype6-2.10.1-4.3.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP1", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreetype6-2.10.1-4.3.1.s390x" }, "product_reference": "libfreetype6-2.10.1-4.3.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1" }, { "category": "default_component_of", "full_product_name": { "name": "libfreetype6-2.10.1-4.3.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP1", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreetype6-2.10.1-4.3.1.x86_64" }, 
"product_reference": "libfreetype6-2.10.1-4.3.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1" }, { "category": "default_component_of", "full_product_name": { "name": "libfreetype6-32bit-2.10.1-4.3.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP1", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreetype6-32bit-2.10.1-4.3.1.x86_64" }, "product_reference": "libfreetype6-32bit-2.10.1-4.3.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1" } ] }, "vulnerabilities": [ { "cve": "CVE-2018-6942", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2018-6942" } ], "notes": [ { "category": "general", "text": "An issue was discovered in FreeType 2 through 2.9. A NULL pointer dereference in the Ins_GETVARIATION() function within ttinterp.c could lead to DoS via a crafted font file.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:freetype2-devel-2.10.1-4.3.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:freetype2-devel-2.10.1-4.3.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:freetype2-devel-2.10.1-4.3.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:freetype2-devel-2.10.1-4.3.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreetype6-2.10.1-4.3.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreetype6-2.10.1-4.3.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreetype6-2.10.1-4.3.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreetype6-2.10.1-4.3.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreetype6-32bit-2.10.1-4.3.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2018-6942", "url": "https://www.suse.com/security/cve/CVE-2018-6942" } ], "remediations": [ { 
"category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:freetype2-devel-2.10.1-4.3.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:freetype2-devel-2.10.1-4.3.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:freetype2-devel-2.10.1-4.3.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:freetype2-devel-2.10.1-4.3.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreetype6-2.10.1-4.3.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreetype6-2.10.1-4.3.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreetype6-2.10.1-4.3.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreetype6-2.10.1-4.3.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreetype6-32bit-2.10.1-4.3.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:freetype2-devel-2.10.1-4.3.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:freetype2-devel-2.10.1-4.3.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:freetype2-devel-2.10.1-4.3.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:freetype2-devel-2.10.1-4.3.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreetype6-2.10.1-4.3.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreetype6-2.10.1-4.3.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreetype6-2.10.1-4.3.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreetype6-2.10.1-4.3.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreetype6-32bit-2.10.1-4.3.1.x86_64" ] } ], "threats": [ { 
"category": "impact", "date": "2020-05-20T11:02:36Z", "details": "moderate" } ], "title": "CVE-2018-6942" } ] }
gsd-2018-6942
Vulnerability from gsd
{ "GSD": { "alias": "CVE-2018-6942", "description": "An issue was discovered in FreeType 2 through 2.9. A NULL pointer dereference in the Ins_GETVARIATION() function within ttinterp.c could lead to DoS via a crafted font file.", "id": "GSD-2018-6942", "references": [ "https://www.suse.com/security/cve/CVE-2018-6942.html", "https://advisories.mageia.org/CVE-2018-6942.html", "https://security.archlinux.org/CVE-2018-6942" ] }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2018-6942" ], "details": "An issue was discovered in FreeType 2 through 2.9. A NULL pointer dereference in the Ins_GETVARIATION() function within ttinterp.c could lead to DoS via a crafted font file.", "id": "GSD-2018-6942", "modified": "2023-12-13T01:22:35.469749Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-6942", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An issue was discovered in FreeType 2 through 2.9. A NULL pointer dereference in the Ins_GETVARIATION() function within ttinterp.c could lead to DoS via a crafted font file." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=29c759284e305ec428703c9a5831d0b1fc3497ef", "refsource": "MISC", "url": "https://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=29c759284e305ec428703c9a5831d0b1fc3497ef" }, { "name": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5736", "refsource": "MISC", "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5736" }, { "name": "USN-3572-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3572-1/" }, { "name": "https://www.oracle.com/security-alerts/cpuapr2020.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuapr2020.html" }, { "name": "openSUSE-SU-2020:0704", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00054.html" } ] } }, "nvd.nist.gov": { "configurations": { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:freetype:freetype:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "2.9", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] }, "cve": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-6942" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "en", "value": "An issue was discovered in FreeType 2 through 2.9. A NULL pointer dereference in the Ins_GETVARIATION() function within ttinterp.c could lead to DoS via a crafted font file." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "CWE-476" } ] } ] }, "references": { "reference_data": [ { "name": "https://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=29c759284e305ec428703c9a5831d0b1fc3497ef", "refsource": "MISC", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=29c759284e305ec428703c9a5831d0b1fc3497ef" }, { "name": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5736", "refsource": "MISC", "tags": [ "Third Party Advisory" ], "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5736" }, { "name": "USN-3572-1", "refsource": "UBUNTU", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3572-1/" }, { "name": "N/A", "refsource": "N/A", "tags": [], "url": "https://www.oracle.com/security-alerts/cpuapr2020.html" }, { "name": "openSUSE-SU-2020:0704", "refsource": "SUSE", "tags": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00054.html" } ] } }, "impact": { "baseMetricV2": { "cvssV2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true }, "baseMetricV3": { "cvssV3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 3.6 } }, 
"lastModifiedDate": "2021-01-26T12:33Z", "publishedDate": "2018-02-13T05:29Z" } } }
fkie_cve-2018-6942
Vulnerability from fkie_nvd
Vendor | Product | Version |
---|---|---|
freetype | freetype | * |
canonical | ubuntu_linux | 17.10 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:freetype:freetype:*:*:*:*:*:*:*:*", "matchCriteriaId": "C079B991-75F4-471A-8F9B-9561EBF07A3A", "versionEndIncluding": "2.9", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "matchCriteriaId": "9070C9D8-A14A-467F-8253-33B966C16886", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in FreeType 2 through 2.9. A NULL pointer dereference in the Ins_GETVARIATION() function within ttinterp.c could lead to DoS via a crafted font file." }, { "lang": "es", "value": "Se ha descubierto un problema hasta la versi\u00f3n 2.9 de FreeType 2. Una desreferencia de puntero NULL en la funci\u00f3n Ins_GETVARIATION() en ttinterp.c podr\u00eda conducir a DoS mediante un archivo de fuentes manipulado." } ], "id": "CVE-2018-6942", "lastModified": "2024-11-21T04:11:27.543", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", 
"version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-02-13T05:29:00.267", "references": [ { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00054.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5736" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=29c759284e305ec428703c9a5831d0b1fc3497ef" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3572-1/" }, { "source": "cve@mitre.org", "url": "https://www.oracle.com/security-alerts/cpuapr2020.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00054.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5736" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=29c759284e305ec428703c9a5831d0b1fc3497ef" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3572-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.oracle.com/security-alerts/cpuapr2020.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-476" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Sightings
Author | Source | Type | Date |
---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.