[Bug 1475388] New: CVE-2017-11570 fontforge: Buffer over-read in umodenc function

Wednesday, 26 July 2017

https://bugzilla.redhat.com/show_bug.cgi?id=1475388

            Bug ID: 1475388
           Summary: CVE-2017-11570 fontforge: Buffer over-read in umodenc
                    function
           Product: Security Response
         Component: vulnerability
          Keywords: Security
          Severity: low
          Priority: low
          Assignee: security-response-team(a)redhat.com
          Reporter: anemec(a)redhat.com
                CC: eng-i18n-bugs(a)redhat.com,
                    fonts-bugs(a)lists.fedoraproject.org, kevin(a)scrye.com,
                    paul(a)frixxon.co.uk, pnemade(a)redhat.com

FontForge 20161012 is vulnerable to a buffer over-read in umodenc (parsettf.c)
resulting in DoS or via a crafted otf file.

Upstream issue:

https://github.com/fontforge/fontforge/issues/3097

-- 
You are receiving this mail because:
You are on the CC list for the bug.

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

[Bug 1475388] New: CVE-2017-11570 fontforge: Buffer over-read in umodenc function