[Bug 1475391] New: CVE-2017-11573 fontforge: Buffer over-read in ValidatePostScriptFontName function

Wednesday, 26 July 2017

https://bugzilla.redhat.com/show_bug.cgi?id=1475391

            Bug ID: 1475391
           Summary: CVE-2017-11573 fontforge: Buffer over-read in
                    ValidatePostScriptFontName function
           Product: Security Response
         Component: vulnerability
          Keywords: Security
          Severity: low
          Priority: low
          Assignee: security-response-team(a)redhat.com
          Reporter: anemec(a)redhat.com
                CC: eng-i18n-bugs(a)redhat.com,
                    fonts-bugs(a)lists.fedoraproject.org, kevin(a)scrye.com,
                    paul(a)frixxon.co.uk, pnemade(a)redhat.com

FontForge 20161012 is vulnerable to a buffer over-read in
ValidatePostScriptFontName (parsettf.c) resulting in DoS via a crafted otf
file.

Upstream issue:

https://github.com/fontforge/fontforge/issues/3098

-- 
You are receiving this mail because:
You are on the CC list for the bug.

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

[Bug 1475391] New: CVE-2017-11573 fontforge: Buffer over-read in ValidatePostScriptFontName function