https://bugzilla.redhat.com/show_bug.cgi?id=1475392
Bug ID: 1475392 Summary: CVE-2017-11574 fontforge: Heap-based buffer overflow in readcffset function Product: Security Response Component: vulnerability Keywords: Security Severity: low Priority: low Assignee: security-response-team@redhat.com Reporter: anemec@redhat.com CC: eng-i18n-bugs@redhat.com, fonts-bugs@lists.fedoraproject.org, kevin@scrye.com, paul@frixxon.co.uk, pnemade@redhat.com
FontForge 20161012 is vulnerable to a heap-based buffer overflow in readcffset (parsettf.c) resulting in DoS via a crafted otf file.
Upstream issue:
https://github.com/fontforge/fontforge/issues/3090