{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71755?format=json","vulnerability_id":"VCID-49qz-y2rr-rkfx","summary":"In libgraphite2 in graphite2 1.3.11, a NULL pointer dereference vulnerability was found in Segment.cpp during a dumbRendering operation, which may allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .ttf file.","aliases":[{"alias":"CVE-2018-7999"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/97815?format=json","purl":"pkg:deb/debian/graphite2@1.3.11-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphite2@1.3.11-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/656301?format=json","purl":"pkg:deb/debian/graphite2@1.3.13-7","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphite2@1.3.13-7"},{"url":"http://public2.vulnerablecode.io/api/packages/97808?format=json","purl":"pkg:deb/debian/graphite2@1.3.14-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-uffx-1e7f-ybav"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphite2@1.3.14-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97812?format=json","purl":"pkg:deb/debian/graphite2@1.3.14-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-uffx-1e7f-ybav"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphite2@1.3.14-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97810?format=json","purl":"pkg:deb/debian/graphite2@1.3.14-13?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-uffx-1e7f-ybav"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphite2@1.3.14-13%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97811?format=json","purl":"pkg:deb/debian/graphite2@1.3.15-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphite2@1.3.15-2%3Fdistro=trixie"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4075?format=json","purl":"pkg:deb/debian/graphite2@1.2.4-3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3uny-z4bs-9bfk"},{"vulnerability":"VCID-49qz-y2rr-rkfx"},{"vulnerability":"VCID-4hgx-k5jn-ckeu"},{"vulnerability":"VCID-4r11-gv5n-rbhb"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-86p5-m5xh-wba9"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-9hcm-h8uk-xygz"},{"vulnerability":"VCID-9ksn-fq5j-jkhz"},{"vulnerability":"VCID-a5ee-c6f4-tufu"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-ecjy-9yqg-d7g5"},{"vulnerability":"VCID-fxjs-kgb3-6bb7"},{"vulnerability":"VCID-hqnu-aq9h-gkb4"},{"vulnerability":"VCID-jubn-vjus-h3e8"},{"vulnerability":"VCID-kcpz-uwq4-skf4"},{"vulnerability":"VCID-ksda-d24x-8bcf"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s874-n3jb-23h1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-v6sk-vcxm-dudy"},{"vulnerability":"VCID-wd34-8uw6-2uh4"},{"vulnerability":"VCID-x3k8-ym18-sffm"},{"vulnerability":"VCID-xmkv-47hn-43ck"},{"vulnerability":"VCID-yssr-7m7d-b7fh"},{"vulnerability":"VCID-zakg-k4hk-fyhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphite2@1.2.4-3"},{"url":"http://public2.vulnerablecode.io/api/packages/4076?format=json","purl":"pkg:deb/debian/graphite2@1.3.6-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3uny-z4bs-9bfk"},{"vulnerability":"VCID-49qz-y2rr-rkfx"},{"vulnerability":"VCID-4hgx-k5jn-ckeu"},{"vulnerability":"VCID-4r11-gv5n-rbhb"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-86p5-m5xh-wba9"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-9hcm-h8uk-xygz"},{"vulnerability":"VCID-a5ee-c6f4-tufu"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-fxjs-kgb3-6bb7"},{"vulnerability":"VCID-jubn-vjus-h3e8"},{"vulnerability":"VCID-kcpz-uwq4-skf4"},{"vulnerability":"VCID-ksda-d24x-8bcf"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s874-n3jb-23h1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-v6sk-vcxm-dudy"},{"vulnerability":"VCID-wd34-8uw6-2uh4"},{"vulnerability":"VCID-xmkv-47hn-43ck"},{"vulnerability":"VCID-yssr-7m7d-b7fh"},{"vulnerability":"VCID-zakg-k4hk-fyhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphite2@1.3.6-1~deb7u1"},{"url":"http://public2.vulnerablecode.io/api/packages/4150?format=json","purl":"pkg:deb/debian/graphite2@1.3.10-1~deb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-49qz-y2rr-rkfx"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-zakg-k4hk-fyhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphite2@1.3.10-1~deb8u1"},{"url":"http://public2.vulnerablecode.io/api/packages/6241?format=json","purl":"pkg:deb/debian/graphite2@1.3.10-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-49qz-y2rr-rkfx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphite2@1.3.10-1"}],"references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7999.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7999.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-7999","reference_id":"","reference_type":"","scores":[{"value":"0.00205","scoring_system":"epss","scoring_elements":"0.42569","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00205","scoring_system":"epss","scoring_elements":"0.42642","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00205","scoring_system":"epss","scoring_elements":"0.42653","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00205","scoring_system":"epss","scoring_elements":"0.42626","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-7999"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7999","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7999"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1554380","reference_id":"1554380","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1554380"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892590","reference_id":"892590","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892590"},{"reference_url":"https://usn.ubuntu.com/5657-1/","reference_id":"USN-5657-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5657-1/"}],"weaknesses":[{"cwe_id":476,"name":"NULL Pointer Dereference","description":"A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit."}],"exploits":[],"severity_range_score":"5.5 - 8.8","exploitability":"0.5","weighted_severity":"7.9","risk_score":4.0,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-49qz-y2rr-rkfx"}