Remote Code Execution (RCE) Through Buffer Overflow
libfontforge.so is vulnerable to remote code execution (RCE) attacks. A malicious user can pass a ttf file to the readcffset function in parsettf.c to cause a buffer overflow that can crash the application or cause arbitrary code to be executed...
Remote Code Execution (RCE) Through Buffer Overread
libfontforge.so is vulnerable to remote code execution (RCE) attacks. A malicious user can pass a ttf file to the application to cause a buffer overread that can crash the application or allow arbitrary code to be executed...
Remote Code Execution (RCE)
libfontforge.so is vulnerable to remote code execution (RCE) attacks. The application does not properly validate strings in the BROWSER environment variable, allowing a malicious user to inject and execute arbitrary commands...
Denial Of Service (DoS)
libfontforge.so is vulnerable to denial of service (DoS) through stack-based underflow attacks. The vulnerability exists because the readcfftopdict function of parsettf.c fails to check whether the weight vector is positive, allowing a malicious otf file to cause a denial of service (DoS) through...