2 matches found
USN-3409-1: FontForge vulnerabilities
It was discovered that FontForge was vulnerable to a heap-based buffer over-read. A remote attacker could use a crafted file to DoS or execute arbitrary code. CVE-2017-11568, CVE-2017-11569, CVE-2017-11572 It was discovered that FontForge was vulnerable to a stack-based buffer overflow. A remote...
CVE-2017-11574
FontForge 20161012 is vulnerable to a heap-based buffer overflow in readcffset (parsettf.c) triggered by a crafted OpenType font, leading to DoS or code execution. Public sources in connected documents show a fixed update (fontforge 20170731 per OSV SUSE-SU-2019:2236-1) and Mageia/Mageia advisori...