52 matches found
SUSE CVE-2017-11574
FontForge 20161012 is vulnerable to a heap-based buffer overflow in readcffset (parsettf.c) resulting in DoS or code execution via a crafted otf file...
SUSE CVE-2017-11577
FontForge 20161012 is vulnerable to a buffer over-read in getsid (parsettf.c) resulting in DoS or code execution via a crafted otf file...
Remote Code Execution (RCE)
libfontforge.so is vulnerable to remote code execution (RCE) attacks. A malicious user can pass a ttf file to the getsid function in the parsettf.c file to cause a buffer over-read that can crash the application or cause arbitrary code to be executed...
Remote Code Execution (RCE) Through Buffer Overflow
libfontforge.so is vulnerable to remote code execution (RCE) attacks through buffer overflow. A malicious user can pass a ttf file to the readcffset function in parsettf.c to cause a buffer overflow that can crash the application or cause arbitrary code to be executed...
Denial Of Service (DoS)
libfontforge.so is vulnerable to denial of service (DoS) through stack-based underflow attacks. The vulnerability exists because the code fails to check whether the weight vector in the readcfftopdict function of parsettf.c is positive, allowing a malicious otf file to cause a denial of service (DoS) through...
CVE-2017-11577
FontForge 20161012 is vulnerable to a buffer over-read in getsid (parsettf.c) resulting in DoS or code execution via a crafted otf file...
CVE-2017-11576
FontForge 20161012 does not ensure a positive size in a weight vector memcpy call in readcfftopdict (parsettf.c) resulting in DoS via a crafted otf file...
CVE-2017-11574
FontForge 20161012 is vulnerable to a heap-based buffer overflow in readcffset (parsettf.c) resulting in DoS or code execution via a crafted otf file...
CVE-2017-11573
FontForge 20161012 is vulnerable to a buffer over-read in ValidatePostScriptFontName (parsettf.c) resulting in DoS or code execution via a crafted otf file...
CVE-2017-11572
FontForge 20161012 is vulnerable to a heap-based buffer over-read in readcfftopdicts (parsettf.c) resulting in DoS or code execution via a crafted otf file...
CVE-2017-11571
FontForge 20161012 is vulnerable to a stack-based buffer overflow in addnibble (parsettf.c) resulting in DoS or code execution via a crafted otf file...
CVE-2017-11570
FontForge 20161012 is vulnerable to a buffer over-read in umodenc (parsettf.c) resulting in DoS or code execution via a crafted otf file...
CVE-2017-11569
FontForge 20161012 is vulnerable to a heap-based buffer over-read in readttfcopyrights (parsettf.c) resulting in DoS or code execution via a crafted otf file...
Heap overflow
FontForge 20161012 is vulnerable to a heap-based buffer over-read in readcfftopdicts (parsettf.c) resulting in DoS or code execution via a crafted otf file...