https://bugzilla.redhat.com/show_bug.cgi?id=1475393
Bug ID: 1475393
Summary: CVE-2017-11575 fontforge: Buffer over-read in
strnmatch function
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: low
Priority: low
Assignee: security-response-team(a)redhat.com
Reporter: anemec(a)redhat.com
CC: eng-i18n-bugs(a)redhat.com,
fonts-bugs(a)lists.fedoraproject.org, kevin(a)scrye.com,
paul(a)frixxon.co.uk, pnemade(a)redhat.com
FontForge 20161012 is vulnerable to a buffer over-read in strnmatch (char.c)
resulting in DoS or via a crafted otf file, related to a call from the
readttfcopyrights function in parsettf.c.
Upstream issue:
https://github.com/fontforge/fontforge/issues/3096
--
You are receiving this mail because:
You are on the CC list for the bug.