CVE-2017-11573

Published: 23 July 2017

FontForge 20161012 is vulnerable to a buffer over-read in ValidatePostScriptFontName (parsettf.c) resulting in DoS or code execution via a crafted otf file.

Priority

Low

CVSS 3 base score: 7.8

Status

Package Release Status
fontforge
Launchpad, Ubuntu, Debian
Upstream Needed

Ubuntu 20.10 (Groovy Gorilla) Needed

Ubuntu 20.04 LTS (Focal Fossa) Needed

Ubuntu 18.04 LTS (Bionic Beaver) Needed

Ubuntu 16.04 LTS (Xenial Xerus) Needed

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was needed)