
CVE-2017-11574

Published: 23 July 2017

FontForge 20161012 is vulnerable to a heap-based buffer overflow in readcffset (parsettf.c) resulting in DoS or code execution via a crafted otf file.

Priority

Medium

CVSS 3 base score: 7.8

Status

Package: fontforge (Launchpad, Ubuntu, Debian)

Release: Status
artful: Ignored (reached end-of-life)
bionic: Not vulnerable (1:20170731~dfsg-1)
cosmic: Not vulnerable (1:20170731~dfsg-1)
precise: Does not exist
trusty: Does not exist (trusty was released [20120731.b-5ubuntu0.1])
upstream: Released (1:20170731~dfsg-1, 20120731.b-5+deb8u1)
xenial: Released (20120731.b-7.1ubuntu0.1)
zesty: Ignored (reached end-of-life)