libfontforge.so is vulnerable to remote code execution (RCE) attacks. A malicious user can pass an OTF file to the ValidatePostScriptFontName function in parsettf.c to cause a buffer overflow, which can crash the application or cause arbitrary code to be executed.
CPE

Name | Operator | Version |
---|---|---|
libfontforge.so | eq | 1.0.0 |