34 matches found
CVE-2017-11575
FontForge 20161012 is affected by CVE-2017-11575: a buffer over-read in strnmatch (char.c) can trigger DoS or code execution via a crafted OpenType font, linked to readttfcopyrights in parsettf.c. Multiple advisories confirm the issue and document fixes in later FontForge releases (e.g., updates ...
CVE-2017-11577
FontForge 20161012 is vulnerable to a buffer over-read in getsid (parsettf.c) that can lead to DoS or code execution via a crafted OpenType font (OTF). Exploitation details are described in the CVE-2017-11577 entry, and multiple sources indicate a fix in fontforge updates (e.g., SUSE and Mageia a...
CVE-2017-11576
CVE-2017-11576 affects FontForge (min. FontForge 20161012). The root cause is a check failure in a weight vector memcpy in readcfftopdict (parsettf.c), which can lead to a denial of service or recovery via a crafted OpenType font file. Public sources in connected documents confirm the vulnerabili...
CVE-2017-11575
FontForge 20161012 is vulnerable to a buffer over-read in strnmatch char.c resulting in DoS or code execution via a crafted otf file, related to a call from the readttfcopyrights function in parsettf.c...
CVE-2017-11574
FontForge 20161012 is vulnerable to a heap-based buffer overflow in readcffset parsettf.c resulting in DoS or code execution via a crafted otf file...
CVE-2017-11570
FontForge 20161012 is vulnerable to a buffer over-read in umodenc parsettf.c resulting in DoS or code execution via a crafted otf file...
CVE-2017-11572
FontForge 20161012 is vulnerable to a heap-based buffer over-read in readcfftopdicts parsettf.c resulting in DoS or code execution via a crafted otf file...
CVE-2017-11570
FontForge 20161012 is vulnerable to a buffer over-read in umodenc parsettf.c resulting in DoS or code execution via a crafted otf file...
CVE-2017-11570
FontForge 20161012 is affected by a buffer over-read in umodenc (parsettf.c) that can lead to DoS or code execution when processing a crafted otf file. Root cause: buffer over-read in font parsing of TrueType/OpenType glyph data. Impact is dependent on attacker-controlled font files; in the publi...
CVE-2017-11577
FontForge 20161012 is vulnerable to a buffer over-read in getsid parsettf.c resulting in DoS or code execution via a crafted otf file...
CVE-2017-11569
FontForge 20161012 is vulnerable to a heap-based buffer over-read in readttfcopyrights parsettf.c resulting in DoS or code execution via a crafted otf file...
CVE-2017-11571
FontForge 20161012 is vulnerable to a stack-based buffer overflow in addnibble parsettf.c resulting in DoS or code execution via a crafted otf file...
CVE-2017-11572
FontForge 20161012 is vulnerable to a heap-based buffer over-read in readcfftopdicts parsettf.c resulting in DoS or code execution via a crafted otf file...
CVE-2017-11575
FontForge 20161012 is vulnerable to a buffer over-read in strnmatch char.c resulting in DoS or code execution via a crafted otf file, related to a call from the readttfcopyrights function in parsettf.c...