Source: fontforge
Version: 20120731.b-5
Severity: important
Tags: upstream security

Hi,

the following vulnerabilities were published for fontforge.

CVE-2017-11568[0]:
| FontForge 20161012 is vulnerable to a heap-based buffer over-read in
| PSCharStringToSplines (psread.c) resulting in DoS or code execution via
| a crafted otf file.

CVE-2017-11569[1]:
| FontForge 20161012 is vulnerable to a heap-based buffer over-read in
| readttfcopyrights (parsettf.c) resulting in DoS or code execution via a
| crafted otf file.

CVE-2017-11570[2]:
| FontForge 20161012 is vulnerable to a buffer over-read in umodenc
| (parsettf.c) resulting in DoS or code execution via a crafted otf file.

CVE-2017-11571[3]:
| FontForge 20161012 is vulnerable to a stack-based buffer overflow in
| addnibble (parsettf.c) resulting in DoS or code execution via a crafted
| otf file.

CVE-2017-11572[4]:
| FontForge 20161012 is vulnerable to a heap-based buffer over-read in
| readcfftopdicts (parsettf.c) resulting in DoS or code execution via a
| crafted otf file.

CVE-2017-11573[5]:
| FontForge 20161012 is vulnerable to a buffer over-read in
| ValidatePostScriptFontName (parsettf.c) resulting in DoS or code
| execution via a crafted otf file.

CVE-2017-11574[6]:
| FontForge 20161012 is vulnerable to a heap-based buffer overflow in
| readcffset (parsettf.c) resulting in DoS or code execution via a
| crafted otf file.

CVE-2017-11575[7]:
| FontForge 20161012 is vulnerable to a buffer over-read in strnmatch
| (char.c) resulting in DoS or code execution via a crafted otf file,
| related to a call from the readttfcopyrights function in parsettf.c.

CVE-2017-11576[8]:
| FontForge 20161012 does not ensure a positive size in a weight vector
| memcpy call in readcfftopdict (parsettf.c) resulting in DoS via a
| crafted otf file.

CVE-2017-11577[9]:
| FontForge 20161012 is vulnerable to a buffer over-read in getsid
| (parsettf.c) resulting in DoS or code execution via a crafted otf file.

Apart from CVE-2017-11570 and CVE-2017-11575 the issues seem easily
reproducible/shown as well back to 20120731.b-5. But I have not been able
to verify yet that the two mentioned CVEs would not affect that version.
Thus I created a collecting bug for all those CVEs. If it turns out that
we need to split the bug up a bit, we can do so.

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-11568
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11568
[1] https://security-tracker.debian.org/tracker/CVE-2017-11569
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11569
[2] https://security-tracker.debian.org/tracker/CVE-2017-11570
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11570
[3] https://security-tracker.debian.org/tracker/CVE-2017-11571
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11571
[4] https://security-tracker.debian.org/tracker/CVE-2017-11572
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11572
[5] https://security-tracker.debian.org/tracker/CVE-2017-11573
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11573
[6] https://security-tracker.debian.org/tracker/CVE-2017-11574
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11574
[7] https://security-tracker.debian.org/tracker/CVE-2017-11575
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11575
[8] https://security-tracker.debian.org/tracker/CVE-2017-11576
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11576
[9] https://security-tracker.debian.org/tracker/CVE-2017-11577
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11577

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
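The CVE descriptions above share one bug class: a count or length taken from the font file drives a read or a memcpy without being validated first (CVE-2017-11576 names it directly, "does not ensure a positive size"). The following C example is added here as an illustration of the defensive pattern a maintainer would want in such parsers; it is not FontForge's code and does not model the CFF/OTF format. The record layout (a 16-bit big-endian signed count followed by that many payload bytes), the `reader_t` type and the function names are constructed for this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Hypothetical, simplified record layout (constructed for this example,
 * not FontForge's parsing): a 16-bit big-endian signed count followed by
 * that many payload bytes. The count comes from untrusted file data, so it
 * is validated before it is allowed to size any read or memcpy. */
typedef struct {
    const uint8_t *data;   /* whole input buffer */
    size_t len;            /* total input length */
    size_t pos;            /* current read offset */
} reader_t;

/* Reads one big-endian int16. Returns 0 on success, -1 if truncated.
 * Every field access is bounds-checked against the remaining input. */
static int read_s16(reader_t *r, int16_t *out)
{
    if (r->len - r->pos < 2)
        return -1;
    *out = (int16_t)(((unsigned)r->data[r->pos] << 8) | r->data[r->pos + 1]);
    r->pos += 2;
    return 0;
}

/* Copies a count-prefixed payload into dst (capacity dst_cap).
 * Returns the number of bytes copied, or -1 when the count is
 * non-positive, runs past the end of the input, or exceeds dst. */
int read_counted_payload(reader_t *r, uint8_t *dst, size_t dst_cap)
{
    int16_t count;
    if (read_s16(r, &count) != 0)
        return -1;
    if (count <= 0)                          /* negative or zero size: reject */
        return -1;
    if ((size_t)count > r->len - r->pos)     /* would over-read the input */
        return -1;
    if ((size_t)count > dst_cap)             /* would overflow the destination */
        return -1;
    memcpy(dst, r->data + r->pos, (size_t)count);
    r->pos += (size_t)count;
    return count;
}

/* Parses a single record from a whole buffer. */
int parse_record(const uint8_t *buf, size_t len, uint8_t *dst, size_t dst_cap)
{
    reader_t r = { buf, len, 0 };
    return read_counted_payload(&r, dst, dst_cap);
}

int main(void)
{
    /* Constructed sample inputs: one well-formed, two malformed. */
    const uint8_t good[]      = { 0x00, 0x03, 'a', 'b', 'c' };  /* count 3, 3 bytes */
    const uint8_t negative[]  = { 0xFF, 0xFE, 'a', 'b' };       /* count -2 */
    const uint8_t truncated[] = { 0x00, 0x10, 'a' };            /* claims 16, has 1 */
    uint8_t dst[8];

    printf("good:      %d\n", parse_record(good, sizeof good, dst, sizeof dst));
    printf("negative:  %d\n", parse_record(negative, sizeof negative, dst, sizeof dst));
    printf("truncated: %d\n", parse_record(truncated, sizeof truncated, dst, sizeof dst));
    return 0;
}
```

The three checks after the count is read correspond to the three failure modes in the report: a non-positive size (CVE-2017-11576), a read past the end of the input (the over-reads) and a write past the destination (the overflows). Checking `count` against the remaining input rather than the total length is what keeps the comparison correct after earlier fields have been consumed.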