Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
gentooGentoo FoundationGLSA-201201-08
HistoryJan 23, 2012 - 12:00 a.m.

FontForge: User-assisted execution of arbitrary code

2012-01-2300:00:00
Gentoo Foundation
security.gentoo.org
12

0.166 Low

EPSS

Percentile

96.0%

JSON

Background

FontForge is a PostScript font editor and converter.

Description

FontForge is vulnerable to an error when processing the “CHARSET_REGISTRY” header in font files, which could cause a stack-based buffer overflow.

Impact

A remote attacker could entice a user to open a specially crafted BDF file using FontForge font editor, possibly resulting in the remote execution of arbitrary code with the privileges of the FontForge process, or a Denial of Service (application crash).

Workaround

There is no known workaround at this time.

Resolution

All FontForge users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=media-gfx/fontforge-20110222-r1"

NOTE: This is a legacy GLSA. Updates for all affected architectures are available since October 12, 2011. It is likely that your system is already no longer affected by this issue.

OSVersionArchitecturePackageVersionFilename
Gentooanyallmedia-gfx/fontforge< 20110222-r1UNKNOWN

Related

securityvulns 2
prion 1
openvas 8
nessus 4
fedora 2
debian 1
cve 1
ubuntucve 1
cvelist 1
debiancve 1
securityvulns
securityvulns
FontForge buffer overflow
2011-06-08 00:00:00
[SECURITY] [DSA 2253-1] fontforge security update
2011-06-08 00:00:00
prion
prion
Stack overflow
2010-12-07 13:53:00
openvas
openvas
Gentoo Security Advisory GLSA 201201-08 (FontForge)
2012-02-12 00:00:00
Fedora Update for fontforge FEDORA-2010-18577
2010-12-28 00:00:00
Fedora Update for fontforge FEDORA-2010-18573
2010-12-28 00:00:00
nessus
nessus
Debian DSA-2253-1 : fontforge - buffer overflow
2011-06-10 00:00:00
Fedora 13 : fontforge-20090923-4.fc13 (2010-18577)
2010-12-14 00:00:00
GLSA-201201-08 : FontForge: User-assisted execution of arbitrary code
2012-01-24 00:00:00
fedora
fedora
[SECURITY] Fedora 13 Update: fontforge-20090923-4.fc13
2010-12-13 20:10:01
[SECURITY] Fedora 14 Update: fontforge-20100501-5.fc14
2010-12-13 20:08:47
debian
debian
[SECURITY] [DSA 2253-1] fontforge security update
2011-06-03 19:42:53
cve
cve
CVE-2010-4259
2010-12-07 13:53:00
ubuntucve
ubuntucve
CVE-2010-4259
2010-12-07 00:00:00
cvelist
cvelist
CVE-2010-4259
2010-12-07 01:00:00
debiancve
debiancve
CVE-2010-4259
2010-12-07 13:53:00

0.166 Low

EPSS

Percentile

96.0%

JSON
Related for GLSA-201201-08
securityvulns2prion1openvas8nessus4fedora2debian1cve1ubuntucve1cvelist1debiancve1