A flaw was found in libgraphite2 in graphite2 1.3.11, a NULL pointer dereference vulnerability was found in Segment.cpp during a dumbRendering operation, which may allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .ttf file. References: https://github.com/silnrsi/graphite/issues/22 Upstream Patch: https://github.com/silnrsi/graphite/commit/db132b4731a9b4c9534144ba3a18e65b390e9ff6
Created graphite2 tracking bugs for this issue: Affects: fedora-all [bug 1554383]