[Bug 1526142] New: CVE-2017-17521 fontforge: Command injetion in help function uiutil.c

Thursday, 14 December 2017

https://bugzilla.redhat.com/show_bug.cgi?id=1526142

            Bug ID: 1526142
           Summary: CVE-2017-17521 fontforge: Command injetion in help
                    function uiutil.c
           Product: Security Response
         Component: vulnerability
          Keywords: Security
          Severity: medium
          Priority: medium
          Assignee: security-response-team(a)redhat.com
          Reporter: psampaio(a)redhat.com
                CC: eng-i18n-bugs(a)redhat.com,
                    fonts-bugs(a)lists.fedoraproject.org, kevin(a)scrye.com,
                    paul(a)frixxon.co.uk, pnemade(a)redhat.com

A flaw was found in FontForge through 20170731. uiutil.c does not validate
strings before launching the program specified by the BROWSER environment
variable, which might allow remote attackers to conduct argument-injection
attacks via a crafted URL. A different vulnerability than CVE-2017-17534.

References:

https://security-tracker.debian.org/tracker/CVE-2017-17521

-- 
You are receiving this mail because:
You are on the CC list for the bug.

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

[Bug 1526142] New: CVE-2017-17521 fontforge: Command injetion in help function uiutil.c