PT-2019-15805 · Gnome · Gnome-Font-Viewer

Published: 2019-11-27 · Updated: 2024-02-28 · CVE-2019-19308

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

gnome-font-viewer version 3.34.0

Description

The issue is a NULL pointer dereference in the text_to_glyphs function in sushi-font-widget.c, triggered while parsing a TTF font file that lacks a name section. It occurs because a g_strconcat call returns NULL.

Recommendations

For gnome-font-viewer version 3.34.0, consider avoiding the use of TTF font files that lack a name section until a patch is available. As a temporary workaround, restrict the parsing of such files to minimize the risk of exploitation.
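
One way to apply the workaround is to pre-screen font files before they reach the viewer. This is an added example, not gnome-font-viewer code; it assumes "name section" means the sfnt `name` table, and the function name sfnt_has_table and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Big-endian readers; callers guarantee the bytes are in range. */
static uint16_t be16(const unsigned char *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t be32(const unsigned char *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Returns 1 if the sfnt table directory lists `tag` with an in-bounds body,
 * 0 if the tag is absent, -1 if the buffer is not a well-formed single-font
 * sfnt (truncated directory, out-of-range table, or a 'ttcf' collection,
 * which this example does not handle). */
int sfnt_has_table(const unsigned char *buf, size_t len, const char *tag)
{
    if (buf == NULL || len < 12 || memcmp(buf, "ttcf", 4) == 0)
        return -1;
    size_t num_tables = be16(buf + 4);   /* numTables follows the 4-byte version */
    if (12 + num_tables * 16 > len)      /* 12-byte header, 16-byte records */
        return -1;
    for (size_t i = 0; i < num_tables; i++) {
        const unsigned char *rec = buf + 12 + i * 16;
        if (memcmp(rec, tag, 4) != 0)
            continue;
        uint32_t off = be32(rec + 8), size = be32(rec + 12);
        /* Compare without overflow: off and size come from the file. */
        if (off > len || size > len - off)
            return -1;
        return 1;
    }
    return 0;
}

/* Constructed sample: one-table directory ('name' at offset 28, 6 bytes). */
static const unsigned char sample_with_name[34] = {
    0x00,0x01,0x00,0x00, 0x00,0x01, 0x00,0x10, 0x00,0x00, 0x00,0x00,
    'n','a','m','e', 0,0,0,0, 0,0,0,28, 0,0,0,6,
    0,0, 0,0, 0,6 };

int main(void)
{
    /* Exit status 0 means the sample would be admitted to the viewer. */
    return sfnt_has_table(sample_with_name, sizeof sample_with_name, "name") == 1 ? 0 : 1;
}
```

A file for which the check returns 0 or -1 for "name" would be kept away from the affected version.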

Fix

NULL Pointer Dereference

Weakness Enumeration

Related Identifiers

CVE-2019-19308
OESA-2022-2074

Affected Products

Gnome-Font-Viewer