[Bug 1475386] New: CVE-2017-11569 fontforge: Heap-buffer over-read in readttfcopyrights function

Wednesday, 26 July 2017

https://bugzilla.redhat.com/show_bug.cgi?id=1475386

            Bug ID: 1475386
           Summary: CVE-2017-11569 fontforge: Heap-buffer over-read in
                    readttfcopyrights function
           Product: Security Response
         Component: vulnerability
          Keywords: Security
          Severity: low
          Priority: low
          Assignee: security-response-team(a)redhat.com
          Reporter: anemec(a)redhat.com
                CC: eng-i18n-bugs(a)redhat.com,
                    fonts-bugs(a)lists.fedoraproject.org, kevin(a)scrye.com,
                    paul(a)frixxon.co.uk, pnemade(a)redhat.com

FontForge 20161012 is vulnerable to a heap-based buffer over-read in
readttfcopyrights (parsettf.c) resulting in DoS via a crafted otf file.

Upstream issue:

https://github.com/fontforge/fontforge/issues/3093

-- 
You are receiving this mail because:
You are on the CC list for the bug.

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

[Bug 1475386] New: CVE-2017-11569 fontforge: Heap-buffer over-read in readttfcopyrights function