Fluid Attacks Database

Description

FontForge 20161012 is vulnerable to a buffer over-read in ValidatePostScriptFontName (parsettf.c) resulting in DoS or code execution via a crafted otf file.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version
debian 12	fontforge	=1:20230101~dfsg-1 \|\| =1:20230101~dfsg-1.1 \|\| =1:20230101~dfsg-1.1~deb12u1 \|\| =1:20230101~dfsg-2 \|\| =1:20230101~dfsg-3 \|\| =1:20230101~dfsg-4 \|\| =1:20230101~dfsg-5 \|\| =1:20230101~dfsg-6 \|\| =1:20230101~dfsg-7 \|\| =1:20230101~dfsg-8
debian 11	fontforge	=1:20201107~dfsg-4 \|\| =1:20201107~dfsg-4+deb11u1 \|\| =1:20220308~dfsg-1 \|\| =1:20230101~dfsg-1 \|\| =1:20230101~dfsg-1.1 \|\| =1:20230101~dfsg-1.1~deb12u1 \|\| =1:20230101~dfsg-2 \|\| =1:20230101~dfsg-3 \|\| =1:20230101~dfsg-4 \|\| =1:20230101~dfsg-5 \|\| =1:20230101~dfsg-6 \|\| =1:20230101~dfsg-7 \|\| =1:20230101~dfsg-8
debian 14	fontforge	=1:20230101~dfsg-4 \|\| =1:20230101~dfsg-5 \|\| =1:20230101~dfsg-6 \|\| =1:20230101~dfsg-7 \|\| =1:20230101~dfsg-8
debian 13	fontforge	=1:20230101~dfsg-4 \|\| =1:20230101~dfsg-5 \|\| =1:20230101~dfsg-6 \|\| =1:20230101~dfsg-7 \|\| =1:20230101~dfsg-8
rpm rhel7	fontforge	-
rpm rhel6	fontforge	-

Aliases

1. CVE-2017-115732. NVD-2017-115733. OSV-DEBIAN-2017-115734. OSV-2017-115735. SECURITY-TRACKER-CVE-2017-11573

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.