logo

Database

Out-of-bounds read In fontforge

Description

FontForge 20161012 is vulnerable to a buffer over-read in getsid (parsettf.c) resulting in DoS or code execution via a crafted otf file.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2017-115772. NVD-2017-115773. OSV-DEBIAN-2017-115774. OSV-2017-115775. SECURITY-TRACKER-CVE-2017-11577

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.