https://bugzilla.redhat.com/show_bug.cgi?id=1475391
Bug ID: 1475391
Summary: CVE-2017-11573 fontforge: Buffer over-read in ValidatePostScriptFontName function
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: low
Priority: low
Assignee: security-response-team@redhat.com
Reporter: anemec@redhat.com
CC: eng-i18n-bugs@redhat.com, fonts-bugs@lists.fedoraproject.org, kevin@scrye.com, paul@frixxon.co.uk, pnemade@redhat.com
FontForge 20161012 is vulnerable to a buffer over-read in ValidatePostScriptFontName (parsettf.c) resulting in DoS via a crafted otf file.
Upstream issue:
https://github.com/fontforge/fontforge/issues/3098
Andrej Nemec <anemec@redhat.com> changed:

What        |Removed |Added
----------------------------------------------------------------------------
Status      |NEW     |CLOSED
Resolution  |---     |WONTFIX
Last Closed |        |2017-07-26 10:44:08
Andrej Nemec <anemec@redhat.com> changed:

What        |Removed |Added
----------------------------------------------------------------------------
Depends On  |        |1475398

--- Comment #1 from Andrej Nemec <anemec@redhat.com> ---
Created fontforge tracking bugs for this issue:
Affects: fedora-all [bug 1475398]
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1475398
[Bug 1475398] CVE-2017-11568 CVE-2017-11569 CVE-2017-11570 CVE-2017-11571 CVE-2017-11572 CVE-2017-11573 CVE-2017-11574 CVE-2017-11575 CVE-2017-11576 CVE-2017-11577 fontforge: various flaws [fedora-all]
Bug 1475391 depends on bug 1475398, which changed state.
Bug 1475398 Summary: CVE-2017-11568 CVE-2017-11569 CVE-2017-11570 CVE-2017-11571 CVE-2017-11572 CVE-2017-11573 CVE-2017-11574 CVE-2017-11575 CVE-2017-11576 CVE-2017-11577 fontforge: various flaws [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1475398

What        |Removed |Added
----------------------------------------------------------------------------
Status      |NEW     |CLOSED
Resolution  |---     |NEXTRELEASE