Ubuntu: USN-3409-1 (CVE-2017-11577): FontForge vulnerabilities

Severity: 7
CVSS: (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Published: 2017-07-23
Added: 2017-09-04
Modified: 2025-04-25

Description

It was discovered that FontForge was vulnerable to a heap-based buffer
over-read. A remote attacker could use a crafted file to cause a denial
of service or execute arbitrary code. (CVE-2017-11568, CVE-2017-11569,
CVE-2017-11572)

It was discovered that FontForge was vulnerable to a stack-based buffer
overflow. A remote attacker could use a crafted file to cause a denial
of service or execute arbitrary code. (CVE-2017-11571)

It was discovered that FontForge was vulnerable to a heap-based buffer
overflow. A remote attacker could use a crafted file to cause a denial
of service or execute arbitrary code. (CVE-2017-11574)

It was discovered that FontForge was vulnerable to a buffer over-read.
A remote attacker could use a crafted file to cause a denial of service
or execute arbitrary code. (CVE-2017-11575, CVE-2017-11577)

It was discovered that FontForge did not correctly check the sign of
a vector size. A remote attacker could use a crafted file to cause a
denial of service. (CVE-2017-11576)

Solution(s)

ubuntu-upgrade-fontforge
ubuntu-upgrade-fontforge-common