[Bug 1475396] New: CVE-2017-11576 fontforge: Does not ensure a positive size in a weight vector memcpy call in readcfftopdict function

bugzilla Wed, 26 Jul 2017 07:43:24 -0700

https://bugzilla.redhat.com/show_bug.cgi?id=1475396


            Bug ID: 1475396
           Summary: CVE-2017-11576 fontforge: Does not ensure a positive
                    size in a weight vector memcpy call in readcfftopdict
                    function
           Product: Security Response
         Component: vulnerability
          Keywords: Security
          Severity: low
          Priority: low
          Assignee: [email protected]
          Reporter: [email protected]
                CC: [email protected],
                    [email protected], [email protected],
                    [email protected], [email protected]




FontForge 20161012 does not ensure a positive size in a weight vector memcpy
call in readcfftopdict (parsettf.c) resulting in DoS via a crafted otf file.

Upstream issue:

https://github.com/fontforge/fontforge/issues/3091

-- 
You are receiving this mail because:
You are on the CC list for the bug.
_______________________________________________
fonts-bugs mailing list -- [email protected]
To unsubscribe send an email to [email protected]

[Bug 1475396] New: CVE-2017-11576 fontforge: Does not ensure a positive size in a weight vector memcpy call in readcfftopdict function

Reply via email to