libfontforge.so is vulnerable to remote code execution (RCE) attacks. A malicious user can pass a TTF file to the getsid function in the parsettf.c file to cause a buffer over-read that can crash the application or cause arbitrary code to be executed.

CPE

Name | Operator | Version |
---|---|---|
libfontforge.so | eq | 1.0.0 |