Heap-Based Buffer Overflow in FontForge Affects Multiple Versions
CVE-2017-11574

7.8HIGH

Key Information:

Vendor: Fontforge
Status: Fontforge
Vendor: CVE Published:; 23 July 2017

What is CVE-2017-11574?

FontForge, particularly version 20161012, has a vulnerability that exposes it to a heap-based buffer overflow in the readcffset function within parsettf.c. This flaw can lead to denial-of-service (DoS) scenarios or allow malicious users to execute arbitrary code through carefully crafted OpenType Font (OTF) files. The vulnerability underscores the importance of keeping software updated to mitigate potential exploits.

References

https://github.com/fontforge/fontforge/issues/3090

x_refsource_MISC

http://www.debian.org/security/2017/dsa-3958

vendor-advisoryx_refsource_DEBIAN

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 23, 2017
Vulnerability Reserved
Jul 23, 2017

CVE-2017-11574 Data

JSON

Fontforge

What is CVE-2017-11574?

References

CVSS V3.1

Timeline