Description
Security update for fontforge
This update for fontforge fixes the following security issues:
fontforge was updated to 20170731, fixing lots of bugs and security issues.
- CVE-2017-11568: Heap-based buffer over-read in PSCharStringToSplines (bsc#1050161)
- CVE-2017-11569: Heap-based buffer over-read in readttfcopyrights (bsc#1050181)
- CVE-2017-11571: Stack-based buffer overflow in addnibble (bsc#1050185)
- CVE-2017-11572: Heap-based buffer over-read in readcfftopdicts (bsc#1050187)
- CVE-2017-11573: Over-read in ValidatePostScriptFontName (bsc#1050193)
- CVE-2017-11574: Heap-based buffer overflow in readcffset (bsc#1050194)
- CVE-2017-11575: Buffer over-read in strnmatch (bsc#1050195)
- CVE-2017-11576: Ensure a positive size in a weight vector memcpy call in readcfftopdict (bsc#1050196)
- CVE-2017-11577: Buffer over-read in getsid (bsc#1050200)
Package list
SUSE Linux Enterprise Software Development Kit 12 SP4
References
- Link for SUSE-SU-2019:2236-1
- E-Mail link for SUSE-SU-2019:2236-1
- SUSE Security Ratings
- SUSE Bug 1050161
- SUSE Bug 1050181
- SUSE Bug 1050185
- SUSE Bug 1050187
- SUSE Bug 1050193
- SUSE Bug 1050194
- SUSE Bug 1050195
- SUSE Bug 1050196
- SUSE Bug 1050200
- SUSE CVE CVE-2017-11568 page
- SUSE CVE CVE-2017-11569 page
- SUSE CVE CVE-2017-11571 page
- SUSE CVE CVE-2017-11572 page
- SUSE CVE CVE-2017-11573 page
- SUSE CVE CVE-2017-11574 page
- SUSE CVE CVE-2017-11575 page
- SUSE CVE CVE-2017-11576 page
Description
FontForge 20161012 is vulnerable to a heap-based buffer over-read in PSCharStringToSplines (psread.c) resulting in DoS or code execution via a crafted otf file.
Affected products
References
- CVE-2017-11568
- SUSE Bug 1050161
Description
FontForge 20161012 is vulnerable to a heap-based buffer over-read in readttfcopyrights (parsettf.c) resulting in DoS or code execution via a crafted otf file.
Affected products
References
- CVE-2017-11569
- SUSE Bug 1050181
Description
FontForge 20161012 is vulnerable to a stack-based buffer overflow in addnibble (parsettf.c) resulting in DoS or code execution via a crafted otf file.
Affected products
References
- CVE-2017-11571
- SUSE Bug 1050185
Description
FontForge 20161012 is vulnerable to a heap-based buffer over-read in readcfftopdicts (parsettf.c) resulting in DoS or code execution via a crafted otf file.
Affected products
References
- CVE-2017-11572
- SUSE Bug 1050187
Description
FontForge 20161012 is vulnerable to a buffer over-read in ValidatePostScriptFontName (parsettf.c) resulting in DoS or code execution via a crafted otf file.
Affected products
References
- CVE-2017-11573
- SUSE Bug 1050193
Description
FontForge 20161012 is vulnerable to a heap-based buffer overflow in readcffset (parsettf.c) resulting in DoS or code execution via a crafted otf file.
Affected products
References
- CVE-2017-11574
- SUSE Bug 1050194
Description
FontForge 20161012 is vulnerable to a buffer over-read in strnmatch (char.c) resulting in DoS or code execution via a crafted otf file, related to a call from the readttfcopyrights function in parsettf.c.
Affected products
References
- CVE-2017-11575
- SUSE Bug 1050195
Description
FontForge 20161012 does not ensure a positive size in a weight vector memcpy call in readcfftopdict (parsettf.c) resulting in DoS via a crafted otf file.
Affected products
References
- CVE-2017-11576
- SUSE Bug 1050196
Description
FontForge 20161012 is vulnerable to a buffer over-read in getsid (parsettf.c) resulting in DoS or code execution via a crafted otf file.
Affected products
References
- CVE-2017-11577
- SUSE Bug 1050200