9:40 a.m.
https://bugzilla.redhat.com/show_bug.cgi?id=1475392
Bug ID: 1475392
Summary: CVE-2017-11574 fontforge: Heap-based buffer overflow
in readcffset function
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: low
Priority: low
Assignee: security-response-team(a)redhat.com
Reporter: anemec(a)redhat.com
CC: eng-i18n-bugs(a)redhat.com,
fonts-bugs(a)lists.fedoraproject.org, kevin(a)scrye.com,
paul(a)frixxon.co.uk, pnemade(a)redhat.com
FontForge 20161012 is vulnerable to a heap-based buffer overflow in readcffset
(parsettf.c) resulting in DoS via a crafted otf file.
Upstream issue:
https://github.com/fontforge/fontforge/issues/3090
--
You are receiving this mail because:
You are on the CC list for the bug.
9:44 a.m.
New subject: [Bug 1475392] CVE-2017-11574 fontforge:
Heap-based buffer overflow in readcffset function
https://bugzilla.redhat.com/show_bug.cgi?id=1475392
Andrej Nemec <anemec(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |CLOSED
Resolution|--- |WONTFIX
Last Closed| |2017-07-26 10:44:11
--
You are receiving this mail because:
You are on the CC list for the bug.
9:46 a.m.
New subject: [Bug 1475392] CVE-2017-11574 fontforge:
Heap-based buffer overflow in readcffset function
https://bugzilla.redhat.com/show_bug.cgi?id=1475392
Andrej Nemec <anemec(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Depends On| |1475398
--- Comment #1 from Andrej Nemec <anemec(a)redhat.com> ---
Created fontforge tracking bugs for this issue:
Affects: fedora-all [bug 1475398]
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1475398
[Bug 1475398] CVE-2017-11568 CVE-2017-11569 CVE-2017-11570 CVE-2017-11571
CVE-2017-11572 CVE-2017-11573 CVE-2017-11574 CVE-2017-11575 CVE-2017-11576
CVE-2017-11577 fontforge: various flaws [fedora-all]
--
You are receiving this mail because:
You are on the CC list for the bug.
3:25 a.m.
New subject: [Bug 1475392] CVE-2017-11574 fontforge:
Heap-based buffer overflow in readcffset function
https://bugzilla.redhat.com/show_bug.cgi?id=1475392
--- Comment #2 from Parag Nemade <pnemade(a)redhat.com> ---
Fixed in rawhide build fontforge-20170731-1.fc27
--
You are receiving this mail because:
You are on the CC list for the bug.
10:25 p.m.
New subject: [Bug 1475392] CVE-2017-11574 fontforge:
Heap-based buffer overflow in readcffset function
https://bugzilla.redhat.com/show_bug.cgi?id=1475392
Bug 1475392 depends on bug 1475398, which changed state.
Bug 1475398 Summary: CVE-2017-11568 CVE-2017-11569 CVE-2017-11570 CVE-2017-11571
CVE-2017-11572 CVE-2017-11573 CVE-2017-11574 CVE-2017-11575 CVE-2017-11576 CVE-2017-11577
fontforge: various flaws [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1475398
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |CLOSED
Resolution|--- |NEXTRELEASE
--
You are receiving this mail because:
You are on the CC list for the bug.
2089
days inactive
2261
days old
fonts-bugs@lists.fedoraproject.org
4 comments
1 participants
participants (1)
-
bugzilla@redhat.com