54 matches found

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2017-3185

Malware in sbrugna...

CVSS 7.8 | AI score 7.7 | EPSS 0.00273
Exploits 0 | References 3
EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2017-3190

Malware in sbrugna...

CVSS 7.8 | AI score 7.7 | EPSS 0.00273
Exploits 0 | References 7
WPVulnDB
added 2023/10/09 12:00 a.m., 15 views

CITS Support svg, webp Media and TTF,OTF File Upload < 3.0 - Author+ Stored XSS via SVG

Description: The plugin does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads. PoC: As an author, upload an SVG with the payload: View the SVG and see the XSS...

CVSS 5.4 | AI score 5.3 | EPSS 0.00222
Exploits 2 | Affected Software 1
SUSE CVE
added 2023/02/15 4:42 a.m., 1 view

SUSE CVE-2017-11569

FontForge 20161012 is vulnerable to a heap-based buffer over-read in readttfcopyrights in parsettf.c, resulting in DoS or code execution via a crafted otf file...

CVSS 7.6 | AI score 8.9 | EPSS 0.00565
Exploits 0 | References 4
SUSE CVE
added 2023/02/15 4:42 a.m., 2 views

SUSE CVE-2017-11571

FontForge 20161012 is vulnerable to a stack-based buffer overflow in addnibble in parsettf.c, resulting in DoS or code execution via a crafted otf file...

CVSS 6.3 | AI score 9 | EPSS 0.00513
Exploits 0 | References 4
Veracode
added 2018/05/28 10:12 a.m., 16 views

Remote Code Execution (RCE)

libfontforge.so is vulnerable to remote code execution (RCE) attacks. A malicious user can pass an otf file to the PSCharStringToSplines function in psread.c to cause a buffer overflow that can crash the application or cause arbitrary code execution...

CVSS 7.8 | AI score 8.1 | EPSS 0.00285
Exploits 0 | References 3 | Affected Software 1
Veracode
added 2018/05/28 9:58 a.m., 21 views

Remote Code Execution (RCE)

libfontforge.so is vulnerable to remote code execution (RCE) attacks. A malicious user can pass an otf file to the umodenc function in parsettf.c to cause a buffer overflow and crash the application or cause arbitrary code to be executed...

CVSS 7.8 | AI score 8.2 | EPSS 0.00273
Exploits 0 | References 1 | Affected Software 1
Veracode
added 2018/05/28 8:32 a.m., 15 views

Remote Code Execution (RCE)

libfontforge.so is vulnerable to remote code execution (RCE) attacks. A malicious user can pass an otf file to the ValidatePostScriptFontName function in parsettf.c to cause a buffer overflow and crash the application or cause arbitrary code to be executed...

CVSS 7.8 | AI score 8.2 | EPSS 0.00273
Exploits 0 | References 1 | Affected Software 1
Veracode
added 2018/04/13 4:39 a.m., 15 views

Denial Of Service (DoS)

libfontforge.so is vulnerable to denial of service (DoS) through stack-based underflow attacks. The vulnerability exists because the readcfftopdict function in parsettf.c fails to check that the weight vector size is positive, allowing a malicious otf file to cause a denial of service (DoS) through...

CVSS 5.5 | AI score 5.8 | EPSS 0.00249
Exploits 0 | References 5 | Affected Software 1
Tenable Nessus
added 2017/08/28 12:00 a.m., 22 views

Debian DLA-1065-1 : fontforge security update

FontForge is vulnerable to heap-based buffer over-read in several functions, resulting in DoS or code execution via a crafted otf file. For Debian 7 'Wheezy', these problems have been fixed in version 0.0.20120101+git-2+deb7u1. We recommend that you upgrade your fontforge packages. NOTE: Tenable...

CVSS 7.8 | AI score 7.4 | EPSS 0.00635
Exploits 0 | References 10
RedhatCVE
added 2017/07/26 2:50 p.m., 17 views

CVE-2017-11575

FontForge 20161012 is vulnerable to a buffer over-read in strnmatch in char.c, resulting in DoS or code execution via a crafted otf file, related to a call from the readttfcopyrights function in parsettf.c...

CVSS 7.8 | AI score 3.8 | EPSS 0.00273
Exploits 0 | References 1
RedhatCVE
added 2017/07/26 2:49 p.m., 21 views

CVE-2017-11571

FontForge 20161012 is vulnerable to a stack-based buffer overflow in addnibble in parsettf.c, resulting in DoS or code execution via a crafted otf file...

CVSS 7.8 | AI score 5.3 | EPSS 0.00513
Exploits 0 | References 1
CNVD
added 2017/07/24 12:00 a.m., 2 views

FontForge Denial of Service Vulnerability

FontForge is an open source font editing tool that supports multiple languages. A security vulnerability exists in the weight vector memcpy call in readcfftopdict in FontForge version 20161012. An attacker can exploit this vulnerability to cause a denial of service with the help of an otf file...

CVSS 5.5 | AI score 6.7 | EPSS 0.00249
Exploits 0 | References 1
OSV
added 2017/07/23 10:29 p.m., 14 views

CVE-2017-11569

FontForge 20161012 is vulnerable to a heap-based buffer over-read in readttfcopyrights in parsettf.c, resulting in DoS or code execution via a crafted otf file...

CVSS 7.8 | AI score 7.2
Exploits 0 | References 2
OSV
added 2017/07/23 10:29 p.m., 11 views

CVE-2017-11571

FontForge 20161012 is vulnerable to a stack-based buffer overflow in addnibble in parsettf.c, resulting in DoS or code execution via a crafted otf file...

CVSS 7.8 | AI score 7.4
Exploits 0 | References 2
OSV
added 2017/07/23 10:29 p.m., 14 views

CVE-2017-11574

FontForge 20161012 is vulnerable to a heap-based buffer overflow in readcffset in parsettf.c, resulting in DoS or code execution via a crafted otf file...

CVSS 7.8 | AI score 7.4
Exploits 0 | References 2
OSV
added 2017/07/23 10:29 p.m., 12 views

CVE-2017-11572

FontForge 20161012 is vulnerable to a heap-based buffer over-read in readcfftopdicts in parsettf.c, resulting in DoS or code execution via a crafted otf file...

CVSS 7.8 | AI score 7.2
Exploits 0 | References 2
OSV
added 2017/07/23 10:29 p.m., 15 views

CVE-2017-11576

FontForge 20161012 does not ensure a positive size in a weight vector memcpy call in readcfftopdict in parsettf.c, resulting in DoS via a crafted otf file...

CVSS 5.5 | AI score 6.5
Exploits 0 | References 2
OSV
added 2017/07/23 10:29 p.m., 13 views

CVE-2017-11577

FontForge 20161012 is vulnerable to a buffer over-read in getsid in parsettf.c, resulting in DoS or code execution via a crafted otf file...

CVSS 7.8 | AI score 7.2
Exploits 0 | References 2
OSV
added 2017/07/23 10:29 p.m., 19 views

CVE-2017-11575

FontForge 20161012 is vulnerable to a buffer over-read in strnmatch in char.c, resulting in DoS or code execution via a crafted otf file, related to a call from the readttfcopyrights function in parsettf.c...

CVSS 7.8 | AI score 7.2
Exploits 0 | References 2