3 matches found
Linux Distros Unpatched Vulnerability : CVE-2017-11575
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - FontForge 20161012 is vulnerable to a buffer over-read in strnmatch char.c resulting in DoS or code execution via a crafted otf file, related to a call from the...
USN-3409-1: FontForge vulnerabilities
It was discovered that FontForge was vulnerable to a heap-based buffer over-read. A remote attacker could use a crafted file to DoS or execute arbitrary code. CVE-2017-11568, CVE-2017-11569, CVE-2017-11572 It was discovered that FontForge was vulnerable to a stack-based buffer overflow. A remote...
CVE-2017-11575
FontForge 20161012 is affected by CVE-2017-11575: a buffer over-read in strnmatch (char.c) can trigger DoS or code execution via a crafted OpenType font, linked to readttfcopyrights in parsettf.c. Multiple advisories confirm the issue and document fixes in later FontForge releases (e.g., updates ...