SUSE CVE-2017-11574

FontForge 20161012 is vulnerable to a heap-based buffer overflow in readcffset parsettf.c resulting in DoS or code execution via a crafted otf file...

Remote Code Execution (RCE) Through Buffer Overflow

libfontforge.so is vulnerable to remote code execution RCE attacks through buffer overflow. A malicious user can pass a ttf file to the readcffset function in parsettf.c to cause a buffer overflow that can crash the application or cause arbitrary code to be executed...