[Bug 1475390] New: CVE-2017-11572 fontforge: Heap-based buffer over-read in readcfftopidcts function

https://bugzilla.redhat.com/show_bug.cgi?id=1475390 Bug ID: 1475390 Summary: CVE-2017-11572 fontforge: Heap-based buffer over-read in readcfftopidcts function Product: Security Response Component: vulnerability Keywords: Security Severity: low Priority: low Assignee: security-response-team(a)redhat.com Reporter: anemec(a)redhat.com CC: eng-i18n-bugs(a)redhat.com, fonts-bugs(a)lists.fedoraproject.org, kevin(a)scrye.com, paul(a)frixxon.co.uk, pnemade(a)redhat.com FontForge 20161012 is vulnerable to a heap-based buffer over-read in readcfftopdicts (parsettf.c) resulting in DoS via a crafted otf file. Upstream issue: https://github.com/fontforge/fontforge/issues/3092 -- You are receiving this mail because: You are on the CC list for the bug.