Buffer Over-read Vulnerability in FontForge Affects File Processing
CVE-2017-11575

7.8HIGH

Key Information:

Vendor

Fontforge

Status
Fontforge
Vendor
CVE Published:
23 July 2017

What is CVE-2017-11575?

A vulnerability exists in FontForge 20161012 that allows for a buffer over-read in the strnmatch function (located in char.c). This issue can be exploited when processing a specially crafted OTF (OpenType Font) file, potentially leading to denial of service (DoS) or arbitrary code execution. The vulnerability is associated with the readttfcopyrights function in parsettf.c, which fails to adequately handle certain input scenarios. Users of affected versions are encouraged to apply relevant patches or updates to mitigate the risk.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://www.debian.org/security/2017/dsa-3958
vendor-advisoryx_refsource_DEBIAN
https://github.com/fontforge/fontforge/issues/3096
x_refsource_MISC

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.