CVE-2017-11576 (GCVE-0-2017-11576)
Vulnerability from cvelistv5 – Published: 2017-07-23 22:00 – Updated: 2024-08-05 18:12
Summary
FontForge 20161012 does not ensure a positive size in a weight vector memcpy call in readcfftopdict (parsettf.c) resulting in DoS via a crafted otf file.
Severity ?
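No CVSS data available in the CNA record; the NVD entry embedded in the JSON below scores this issue 5.5 (Medium), CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H.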
CWE
- n/a (none given in the CNA record; the NVD entry embedded in the JSON below assigns CWE-119)
Assigner
References
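| URL | Tags |
|---|---|
| http://www.debian.org/security/2017/dsa-3958 | vendor-advisory, x_refsource_DEBIAN |
| https://github.com/fontforge/fontforge/issues/3091 | x_refsource_MISC |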
Date Public ?
2017-07-23 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:12:40.565Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-3958",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2017/dsa-3958"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/fontforge/fontforge/issues/3091"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-07-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "FontForge 20161012 does not ensure a positive size in a weight vector memcpy call in readcfftopdict (parsettf.c) resulting in DoS via a crafted otf file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-06T10:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-3958",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2017/dsa-3958"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/fontforge/fontforge/issues/3091"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-11576",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "FontForge 20161012 does not ensure a positive size in a weight vector memcpy call in readcfftopdict (parsettf.c) resulting in DoS via a crafted otf file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-3958",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3958"
},
{
"name": "https://github.com/fontforge/fontforge/issues/3091",
"refsource": "MISC",
"url": "https://github.com/fontforge/fontforge/issues/3091"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-11576",
"datePublished": "2017-07-23T22:00:00.000Z",
"dateReserved": "2017-07-23T00:00:00.000Z",
"dateUpdated": "2024-08-05T18:12:40.565Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2017-11576",
"date": "2026-04-16",
"epss": "0.00249",
"percentile": "0.48268"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2017-11576\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2017-07-23T22:29:00.477\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"FontForge 20161012 does not ensure a positive size in a weight vector memcpy call in readcfftopdict (parsettf.c) resulting in DoS via a crafted otf file.\"},{\"lang\":\"es\",\"value\":\"FontForge versi\u00f3n 20161012, no garantiza un tama\u00f1o positivo en una llamada memcpy de vector weight en la funci\u00f3n readcfftopdict (parsettf.c) resultando en una DoS por medio de un archivo otf creado.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:N/A:P\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"cr
iteria\":\"cpe:2.3:a:fontforge:fontforge:20161012:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"86C3205C-92DF-4B61-9D3F-B35D1230FB8D\"}]}]}],\"references\":[{\"url\":\"http://www.debian.org/security/2017/dsa-3958\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://github.com/fontforge/fontforge/issues/3091\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://www.debian.org/security/2017/dsa-3958\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/fontforge/fontforge/issues/3091\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]}]}}"
}
}
GHSA-F6J8-4MX6-P423
Vulnerability from github – Published: 2022-05-13 01:28 – Updated: 2022-05-13 01:28
Details
FontForge 20161012 does not ensure a positive size in a weight vector memcpy call in readcfftopdict (parsettf.c) resulting in DoS via a crafted otf file.
Severity ?
5.5 (Medium)
{
"affected": [],
"aliases": [
"CVE-2017-11576"
],
"database_specific": {
"cwe_ids": [
"CWE-119"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-07-23T22:29:00Z",
"severity": "MODERATE"
},
"details": "FontForge 20161012 does not ensure a positive size in a weight vector memcpy call in readcfftopdict (parsettf.c) resulting in DoS via a crafted otf file.",
"id": "GHSA-f6j8-4mx6-p423",
"modified": "2022-05-13T01:28:56Z",
"published": "2022-05-13T01:28:56Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-11576"
},
{
"type": "WEB",
"url": "https://github.com/fontforge/fontforge/issues/3091"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2017/dsa-3958"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GSD-2017-11576
Vulnerability from gsd - Updated: 2023-12-13 01:21
Details
FontForge 20161012 does not ensure a positive size in a weight vector memcpy call in readcfftopdict (parsettf.c) resulting in DoS via a crafted otf file.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2017-11576",
"description": "FontForge 20161012 does not ensure a positive size in a weight vector memcpy call in readcfftopdict (parsettf.c) resulting in DoS via a crafted otf file.",
"id": "GSD-2017-11576",
"references": [
"https://www.suse.com/security/cve/CVE-2017-11576.html",
"https://www.debian.org/security/2017/dsa-3958",
"https://ubuntu.com/security/CVE-2017-11576",
"https://advisories.mageia.org/CVE-2017-11576.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2017-11576"
],
"details": "FontForge 20161012 does not ensure a positive size in a weight vector memcpy call in readcfftopdict (parsettf.c) resulting in DoS via a crafted otf file.",
"id": "GSD-2017-11576",
"modified": "2023-12-13T01:21:15.572372Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-11576",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "FontForge 20161012 does not ensure a positive size in a weight vector memcpy call in readcfftopdict (parsettf.c) resulting in DoS via a crafted otf file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-3958",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3958"
},
{
"name": "https://github.com/fontforge/fontforge/issues/3091",
"refsource": "MISC",
"url": "https://github.com/fontforge/fontforge/issues/3091"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:fontforge:fontforge:20161012:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-11576"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "FontForge 20161012 does not ensure a positive size in a weight vector memcpy call in readcfftopdict (parsettf.c) resulting in DoS via a crafted otf file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/fontforge/fontforge/issues/3091",
"refsource": "MISC",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/fontforge/fontforge/issues/3091"
},
{
"name": "DSA-3958",
"refsource": "DEBIAN",
"tags": [],
"url": "http://www.debian.org/security/2017/dsa-3958"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": true
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
},
"lastModifiedDate": "2020-01-13T14:23Z",
"publishedDate": "2017-07-23T22:29Z"
}
}
}
SUSE-SU-2019:2236-1
Vulnerability from csaf_suse - Published: 2019-08-28 06:00 - Updated: 2019-08-28 06:00
Summary
Security update for fontforge
Severity
Moderate
Notes
Title of the patch: Security update for fontforge
Description of the patch: This update for fontforge fixes the following security issues:
fontforge was updated to 20170731, fixing lots of bugs and security issues.
- CVE-2017-11568: Heap-based buffer over-read in PSCharStringToSplines (bsc#1050161)
- CVE-2017-11569: Heap-based buffer over-read in readttfcopyrights (bsc#1050181)
- CVE-2017-11571: Stack-based buffer overflow in addnibble (bsc#1050185)
- CVE-2017-11572: Heap-based buffer over-read in readcfftopdicts (bsc#1050187)
- CVE-2017-11573: Over-read in ValidatePostScriptFontName (bsc#1050193)
- CVE-2017-11574: Heap-based buffer overflow in readcffset (bsc#1050194)
- CVE-2017-11575: Buffer over-read in strnmatch (bsc#1050195)
- CVE-2017-11576: Ensure a positive size in a weight vector memcpy call in readcfftopdict (bsc#1050196)
- CVE-2017-11577: Buffer over-read in getsid (bsc#1050200)
Patchnames: SUSE-2019-2236,SUSE-SLE-SDK-12-SP4-2019-2236
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
8.8 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.6 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
6.3 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
6.3 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
6.3 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
6.3 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
6.3 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
6.3 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
6.3 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
References
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for fontforge",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for fontforge fixes the following security issues:\n\nfontforge was updated to 20170731, fixings lots of bugs and security issues.\n\n- CVE-2017-11568: Heap-based buffer over-read in PSCharStringToSplines (bsc#1050161)\n- CVE-2017-11569: Heap-based buffer over-read in readttfcopyrights (bsc#1050181)\n- CVE-2017-11571: Stack-based buffer overflow in addnibble (bsc#1050185)\n- CVE-2017-11572: Heap-based buffer over-read in readcfftopdicts (bsc#1050187)\n- CVE-2017-11573: Over-read in ValidatePostScriptFontName (bsc#1050193)\n- CVE-2017-11574: Heap-based buffer overflow in readcffset (bsc#1050194)\n- CVE-2017-11575: Buffer over-read in strnmatch (bsc#1050195)\n- CVE-2017-11576: Ensure a positive size in a weight vector memcpycall in readcfftopdict (bsc#1050196)\n- CVE-2017-11577: Buffer over-read in getsid (bsc#1050200)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2019-2236,SUSE-SLE-SDK-12-SP4-2019-2236",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2019_2236-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2019:2236-1",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192236-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2019:2236-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2019-August/005852.html"
},
{
"category": "self",
"summary": "SUSE Bug 1050161",
"url": "https://bugzilla.suse.com/1050161"
},
{
"category": "self",
"summary": "SUSE Bug 1050181",
"url": "https://bugzilla.suse.com/1050181"
},
{
"category": "self",
"summary": "SUSE Bug 1050185",
"url": "https://bugzilla.suse.com/1050185"
},
{
"category": "self",
"summary": "SUSE Bug 1050187",
"url": "https://bugzilla.suse.com/1050187"
},
{
"category": "self",
"summary": "SUSE Bug 1050193",
"url": "https://bugzilla.suse.com/1050193"
},
{
"category": "self",
"summary": "SUSE Bug 1050194",
"url": "https://bugzilla.suse.com/1050194"
},
{
"category": "self",
"summary": "SUSE Bug 1050195",
"url": "https://bugzilla.suse.com/1050195"
},
{
"category": "self",
"summary": "SUSE Bug 1050196",
"url": "https://bugzilla.suse.com/1050196"
},
{
"category": "self",
"summary": "SUSE Bug 1050200",
"url": "https://bugzilla.suse.com/1050200"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-11568 page",
"url": "https://www.suse.com/security/cve/CVE-2017-11568/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-11569 page",
"url": "https://www.suse.com/security/cve/CVE-2017-11569/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-11571 page",
"url": "https://www.suse.com/security/cve/CVE-2017-11571/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-11572 page",
"url": "https://www.suse.com/security/cve/CVE-2017-11572/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-11573 page",
"url": "https://www.suse.com/security/cve/CVE-2017-11573/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-11574 page",
"url": "https://www.suse.com/security/cve/CVE-2017-11574/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-11575 page",
"url": "https://www.suse.com/security/cve/CVE-2017-11575/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-11576 page",
"url": "https://www.suse.com/security/cve/CVE-2017-11576/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-11577 page",
"url": "https://www.suse.com/security/cve/CVE-2017-11577/"
}
],
"title": "Security update for fontforge",
"tracking": {
"current_release_date": "2019-08-28T06:00:09Z",
"generator": {
"date": "2019-08-28T06:00:09Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2019:2236-1",
"initial_release_date": "2019-08-28T06:00:09Z",
"revision_history": [
{
"date": "2019-08-28T06:00:09Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "fontforge-20170731-11.8.1.aarch64",
"product": {
"name": "fontforge-20170731-11.8.1.aarch64",
"product_id": "fontforge-20170731-11.8.1.aarch64"
}
},
{
"category": "product_version",
"name": "fontforge-devel-20170731-11.8.1.aarch64",
"product": {
"name": "fontforge-devel-20170731-11.8.1.aarch64",
"product_id": "fontforge-devel-20170731-11.8.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "fontforge-20170731-11.8.1.i586",
"product": {
"name": "fontforge-20170731-11.8.1.i586",
"product_id": "fontforge-20170731-11.8.1.i586"
}
},
{
"category": "product_version",
"name": "fontforge-devel-20170731-11.8.1.i586",
"product": {
"name": "fontforge-devel-20170731-11.8.1.i586",
"product_id": "fontforge-devel-20170731-11.8.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "fontforge-doc-20170731-11.8.1.noarch",
"product": {
"name": "fontforge-doc-20170731-11.8.1.noarch",
"product_id": "fontforge-doc-20170731-11.8.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "fontforge-20170731-11.8.1.ppc64le",
"product": {
"name": "fontforge-20170731-11.8.1.ppc64le",
"product_id": "fontforge-20170731-11.8.1.ppc64le"
}
},
{
"category": "product_version",
"name": "fontforge-devel-20170731-11.8.1.ppc64le",
"product": {
"name": "fontforge-devel-20170731-11.8.1.ppc64le",
"product_id": "fontforge-devel-20170731-11.8.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "fontforge-20170731-11.8.1.s390",
"product": {
"name": "fontforge-20170731-11.8.1.s390",
"product_id": "fontforge-20170731-11.8.1.s390"
}
},
{
"category": "product_version",
"name": "fontforge-devel-20170731-11.8.1.s390",
"product": {
"name": "fontforge-devel-20170731-11.8.1.s390",
"product_id": "fontforge-devel-20170731-11.8.1.s390"
}
}
],
"category": "architecture",
"name": "s390"
},
{
"branches": [
{
"category": "product_version",
"name": "fontforge-20170731-11.8.1.s390x",
"product": {
"name": "fontforge-20170731-11.8.1.s390x",
"product_id": "fontforge-20170731-11.8.1.s390x"
}
},
{
"category": "product_version",
"name": "fontforge-devel-20170731-11.8.1.s390x",
"product": {
"name": "fontforge-devel-20170731-11.8.1.s390x",
"product_id": "fontforge-devel-20170731-11.8.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "fontforge-20170731-11.8.1.x86_64",
"product": {
"name": "fontforge-20170731-11.8.1.x86_64",
"product_id": "fontforge-20170731-11.8.1.x86_64"
}
},
{
"category": "product_version",
"name": "fontforge-devel-20170731-11.8.1.x86_64",
"product": {
"name": "fontforge-devel-20170731-11.8.1.x86_64",
"product_id": "fontforge-devel-20170731-11.8.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Software Development Kit 12 SP4",
"product": {
"name": "SUSE Linux Enterprise Software Development Kit 12 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-sdk:12:sp4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "fontforge-20170731-11.8.1.aarch64 as component of SUSE Linux Enterprise Software Development Kit 12 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP4:fontforge-20170731-11.8.1.aarch64"
},
"product_reference": "fontforge-20170731-11.8.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "fontforge-20170731-11.8.1.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP4:fontforge-20170731-11.8.1.ppc64le"
},
"product_reference": "fontforge-20170731-11.8.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "fontforge-20170731-11.8.1.s390x as component of SUSE Linux Enterprise Software Development Kit 12 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP4:fontforge-20170731-11.8.1.s390x"
},
"product_reference": "fontforge-20170731-11.8.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "fontforge-20170731-11.8.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP4:fontforge-20170731-11.8.1.x86_64"
},
"product_reference": "fontforge-20170731-11.8.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2017-11568",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-11568"
}
],
"notes": [
{
"category": "general",
"text": "FontForge 20161012 is vulnerable to a heap-based buffer over-read in PSCharStringToSplines (psread.c) resulting in DoS or code execution via a crafted otf file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Software Development Kit 12 SP4:fontforge-20170731-11.8.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:fontforge-20170731-11.8.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:fontforge-20170731-11.8.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:fontforge-20170731-11.8.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-11568",
"url": "https://www.suse.com/security/cve/CVE-2017-11568"
},
{
"category": "external",
"summary": "SUSE Bug 1050161 for CVE-2017-11568",
"url": "https://bugzilla.suse.com/1050161"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Software Development Kit 12 SP4:fontforge-20170731-11.8.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:fontforge-20170731-11.8.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:fontforge-20170731-11.8.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:fontforge-20170731-11.8.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Software Development Kit 12 SP4:fontforge-20170731-11.8.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:fontforge-20170731-11.8.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:fontforge-20170731-11.8.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:fontforge-20170731-11.8.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-08-28T06:00:09Z",
"details": "moderate"
}
],
"title": "CVE-2017-11568"
},
{
"cve": "CVE-2017-11569",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-11569"
}
],
"notes": [
{
"category": "general",
"text": "FontForge 20161012 is vulnerable to a heap-based buffer over-read in readttfcopyrights (parsettf.c) resulting in DoS or code execution via a crafted otf file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Software Development Kit 12 SP4:fontforge-20170731-11.8.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:fontforge-20170731-11.8.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:fontforge-20170731-11.8.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:fontforge-20170731-11.8.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-11569",
"url": "https://www.suse.com/security/cve/CVE-2017-11569"
},
{
"category": "external",
"summary": "SUSE Bug 1050181 for CVE-2017-11569",
"url": "https://bugzilla.suse.com/1050181"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Software Development Kit 12 SP4:fontforge-20170731-11.8.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:fontforge-20170731-11.8.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:fontforge-20170731-11.8.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:fontforge-20170731-11.8.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Software Development Kit 12 SP4:fontforge-20170731-11.8.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:fontforge-20170731-11.8.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:fontforge-20170731-11.8.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:fontforge-20170731-11.8.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-08-28T06:00:09Z",
"details": "moderate"
}
],
"title": "CVE-2017-11569"
},
{
"cve": "CVE-2017-11571",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-11571"
}
],
"notes": [
{
"category": "general",
"text": "FontForge 20161012 is vulnerable to a stack-based buffer overflow in addnibble (parsettf.c) resulting in DoS or code execution via a crafted otf file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Software Development Kit 12 SP4:fontforge-20170731-11.8.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:fontforge-20170731-11.8.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:fontforge-20170731-11.8.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:fontforge-20170731-11.8.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-11571",
"url": "https://www.suse.com/security/cve/CVE-2017-11571"
},
{
"category": "external",
"summary": "SUSE Bug 1050185 for CVE-2017-11571",
"url": "https://bugzilla.suse.com/1050185"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Software Development Kit 12 SP4:fontforge-20170731-11.8.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:fontforge-20170731-11.8.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:fontforge-20170731-11.8.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:fontforge-20170731-11.8.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Software Development Kit 12 SP4:fontforge-20170731-11.8.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:fontforge-20170731-11.8.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:fontforge-20170731-11.8.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:fontforge-20170731-11.8.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-08-28T06:00:09Z",
"details": "moderate"
}
],
"title": "CVE-2017-11571"
},
{
"cve": "CVE-2017-11572",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-11572"
}
],
"notes": [
{
"category": "general",
"text": "FontForge 20161012 is vulnerable to a heap-based buffer over-read in readcfftopdicts (parsettf.c) resulting in DoS or code execution via a crafted otf file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Software Development Kit 12 SP4:fontforge-20170731-11.8.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:fontforge-20170731-11.8.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:fontforge-20170731-11.8.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:fontforge-20170731-11.8.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-11572",
"url": "https://www.suse.com/security/cve/CVE-2017-11572"
},
{
"category": "external",
"summary": "SUSE Bug 1050187 for CVE-2017-11572",
"url": "https://bugzilla.suse.com/1050187"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Software Development Kit 12 SP4:fontforge-20170731-11.8.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:fontforge-20170731-11.8.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:fontforge-20170731-11.8.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:fontforge-20170731-11.8.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Software Development Kit 12 SP4:fontforge-20170731-11.8.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:fontforge-20170731-11.8.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:fontforge-20170731-11.8.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:fontforge-20170731-11.8.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-08-28T06:00:09Z",
"details": "moderate"
}
],
"title": "CVE-2017-11572"
},
{
"cve": "CVE-2017-11573",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-11573"
}
],
"notes": [
{
"category": "general",
"text": "FontForge 20161012 is vulnerable to a buffer over-read in ValidatePostScriptFontName (parsettf.c) resulting in DoS or code execution via a crafted otf file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Software Development Kit 12 SP4:fontforge-20170731-11.8.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:fontforge-20170731-11.8.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:fontforge-20170731-11.8.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:fontforge-20170731-11.8.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-11573",
"url": "https://www.suse.com/security/cve/CVE-2017-11573"
},
{
"category": "external",
"summary": "SUSE Bug 1050193 for CVE-2017-11573",
"url": "https://bugzilla.suse.com/1050193"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Software Development Kit 12 SP4:fontforge-20170731-11.8.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:fontforge-20170731-11.8.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:fontforge-20170731-11.8.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:fontforge-20170731-11.8.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Software Development Kit 12 SP4:fontforge-20170731-11.8.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:fontforge-20170731-11.8.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:fontforge-20170731-11.8.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:fontforge-20170731-11.8.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-08-28T06:00:09Z",
"details": "moderate"
}
],
"title": "CVE-2017-11573"
},
{
"cve": "CVE-2017-11574",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-11574"
}
],
"notes": [
{
"category": "general",
"text": "FontForge 20161012 is vulnerable to a heap-based buffer overflow in readcffset (parsettf.c) resulting in DoS or code execution via a crafted otf file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Software Development Kit 12 SP4:fontforge-20170731-11.8.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:fontforge-20170731-11.8.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:fontforge-20170731-11.8.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:fontforge-20170731-11.8.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-11574",
"url": "https://www.suse.com/security/cve/CVE-2017-11574"
},
{
"category": "external",
"summary": "SUSE Bug 1050194 for CVE-2017-11574",
"url": "https://bugzilla.suse.com/1050194"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Software Development Kit 12 SP4:fontforge-20170731-11.8.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:fontforge-20170731-11.8.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:fontforge-20170731-11.8.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:fontforge-20170731-11.8.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Software Development Kit 12 SP4:fontforge-20170731-11.8.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:fontforge-20170731-11.8.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:fontforge-20170731-11.8.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:fontforge-20170731-11.8.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-08-28T06:00:09Z",
"details": "moderate"
}
],
"title": "CVE-2017-11574"
},
{
"cve": "CVE-2017-11575",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-11575"
}
],
"notes": [
{
"category": "general",
"text": "FontForge 20161012 is vulnerable to a buffer over-read in strnmatch (char.c) resulting in DoS or code execution via a crafted otf file, related to a call from the readttfcopyrights function in parsettf.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Software Development Kit 12 SP4:fontforge-20170731-11.8.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:fontforge-20170731-11.8.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:fontforge-20170731-11.8.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:fontforge-20170731-11.8.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-11575",
"url": "https://www.suse.com/security/cve/CVE-2017-11575"
},
{
"category": "external",
"summary": "SUSE Bug 1050195 for CVE-2017-11575",
"url": "https://bugzilla.suse.com/1050195"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Software Development Kit 12 SP4:fontforge-20170731-11.8.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:fontforge-20170731-11.8.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:fontforge-20170731-11.8.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:fontforge-20170731-11.8.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Software Development Kit 12 SP4:fontforge-20170731-11.8.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:fontforge-20170731-11.8.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:fontforge-20170731-11.8.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:fontforge-20170731-11.8.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-08-28T06:00:09Z",
"details": "moderate"
}
],
"title": "CVE-2017-11575"
},
{
"cve": "CVE-2017-11576",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-11576"
}
],
"notes": [
{
"category": "general",
"text": "FontForge 20161012 does not ensure a positive size in a weight vector memcpy call in readcfftopdict (parsettf.c) resulting in DoS via a crafted otf file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Software Development Kit 12 SP4:fontforge-20170731-11.8.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:fontforge-20170731-11.8.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:fontforge-20170731-11.8.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:fontforge-20170731-11.8.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-11576",
"url": "https://www.suse.com/security/cve/CVE-2017-11576"
},
{
"category": "external",
"summary": "SUSE Bug 1050196 for CVE-2017-11576",
"url": "https://bugzilla.suse.com/1050196"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Software Development Kit 12 SP4:fontforge-20170731-11.8.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:fontforge-20170731-11.8.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:fontforge-20170731-11.8.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:fontforge-20170731-11.8.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Software Development Kit 12 SP4:fontforge-20170731-11.8.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:fontforge-20170731-11.8.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:fontforge-20170731-11.8.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:fontforge-20170731-11.8.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-08-28T06:00:09Z",
"details": "moderate"
}
],
"title": "CVE-2017-11576"
},
{
"cve": "CVE-2017-11577",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-11577"
}
],
"notes": [
{
"category": "general",
"text": "FontForge 20161012 is vulnerable to a buffer over-read in getsid (parsettf.c) resulting in DoS or code execution via a crafted otf file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Software Development Kit 12 SP4:fontforge-20170731-11.8.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:fontforge-20170731-11.8.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:fontforge-20170731-11.8.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:fontforge-20170731-11.8.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-11577",
"url": "https://www.suse.com/security/cve/CVE-2017-11577"
},
{
"category": "external",
"summary": "SUSE Bug 1050200 for CVE-2017-11577",
"url": "https://bugzilla.suse.com/1050200"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Software Development Kit 12 SP4:fontforge-20170731-11.8.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:fontforge-20170731-11.8.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:fontforge-20170731-11.8.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:fontforge-20170731-11.8.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Software Development Kit 12 SP4:fontforge-20170731-11.8.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:fontforge-20170731-11.8.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:fontforge-20170731-11.8.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:fontforge-20170731-11.8.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-08-28T06:00:09Z",
"details": "moderate"
}
],
"title": "CVE-2017-11577"
}
]
}
CNVD-2017-18535
Vulnerability from cnvd - Published: 2017-08-02
VLAI Severity ?
Title
FontForge拒绝服务漏洞
Description
FontForge是一款开源的支持多种语言的字体编辑工具。
FontForge 20161012版本中的readcfftopdict的weight vector memcpy调用存在安全漏洞。攻击者可借助otf文件利用该漏洞造成拒绝服务。
Severity
中
Formal description (CNVD remediation guidance)
目前厂商暂未发布修复措施解决此安全问题,建议使用此软件的用户随时关注厂商主页或参考网址以获取解决办法: http://fontforge.github.io/en-US/
Reference
https://nvd.nist.gov/vuln/detail/CVE-2017-11576
Impacted products
| Name | FontForge FontForge 20161012 |
|---|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2017-11576"
}
},
"description": "FontForge\u662f\u4e00\u6b3e\u5f00\u6e90\u7684\u652f\u6301\u591a\u79cd\u8bed\u8a00\u7684\u5b57\u4f53\u7f16\u8f91\u5de5\u5177\u3002\r\n\r\nFontForge 20161012\u7248\u672c\u4e2d\u7684readcfftopdict\u7684weight vector memcpy\u8c03\u7528\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u501f\u52a9otf\u6587\u4ef6\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\u3002",
"discovererName": "gnehsoah",
"formalWay": "\u76ee\u524d\u5382\u5546\u6682\u672a\u53d1\u5e03\u4fee\u590d\u63aa\u65bd\u89e3\u51b3\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u5efa\u8bae\u4f7f\u7528\u6b64\u8f6f\u4ef6\u7684\u7528\u6237\u968f\u65f6\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u6216\u53c2\u8003\u7f51\u5740\u4ee5\u83b7\u53d6\u89e3\u51b3\u529e\u6cd5\uff1a\r\nhttp://fontforge.github.io/en-US/",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2017-18535",
"openTime": "2017-08-02",
"products": {
"product": "FontForge FontForge 20161012"
},
"referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2017-11576",
"serverity": "\u4e2d",
"submitTime": "2017-07-24",
"title": "FontForge\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e"
}
FKIE_CVE-2017-11576
Vulnerability from fkie_nvd - Published: 2017-07-23 22:29 - Updated: 2025-04-20 01:37
Severity ?
Summary
FontForge 20161012 does not ensure a positive size in a weight vector memcpy call in readcfftopdict (parsettf.c) resulting in DoS via a crafted otf file.
References
| Source | URL | Tags |
|---|---|---|
| cve@mitre.org | http://www.debian.org/security/2017/dsa-3958 | |
| cve@mitre.org | https://github.com/fontforge/fontforge/issues/3091 | Issue Tracking, Patch, Third Party Advisory |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2017/dsa-3958 | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/fontforge/fontforge/issues/3091 | Issue Tracking, Patch, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fontforge:fontforge:20161012:*:*:*:*:*:*:*",
"matchCriteriaId": "86C3205C-92DF-4B61-9D3F-B35D1230FB8D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "FontForge 20161012 does not ensure a positive size in a weight vector memcpy call in readcfftopdict (parsettf.c) resulting in DoS via a crafted otf file."
},
{
"lang": "es",
"value": "FontForge versi\u00f3n 20161012, no garantiza un tama\u00f1o positivo en una llamada memcpy de vector weight en la funci\u00f3n readcfftopdict (parsettf.c) resultando en una DoS por medio de un archivo otf creado."
}
],
"id": "CVE-2017-11576",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-07-23T22:29:00.477",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2017/dsa-3958"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/fontforge/fontforge/issues/3091"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2017/dsa-3958"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/fontforge/fontforge/issues/3091"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.