UbuntuUpdates.org

Package "fontforge-common"

Name: fontforge-common

Description:

font editor (common files)

Latest version: 20120731.b-7.1ubuntu0.1
Release: xenial (16.04)
Level: updates
Repository: universe
Head package: fontforge
Homepage: http://fontforge.sourceforge.net/

Other versions of "fontforge-common" in Xenial

Repository Area Version
base universe 20120731.b-7.1
security universe 20120731.b-7.1ubuntu0.1

Changelog

Version: 20120731.b-7.1ubuntu0.1 2018-12-20 23:06:52 UTC

  fontforge (20120731.b-7.1ubuntu0.1) xenial-security; urgency=medium

  * SECURITY UPDATE: heap-based buffer over-read
    - debian/patches/CVE-2017-11568.patch: fix out
      of bounds read condition and buffer overflow in
      fontforge/parsettf.c, fontforge/psread.c,
      fontforge/tottf.c.
    - CVE-2017-11568
  * SECURITY UPDATE: heap-based buffer over-read in
    readttfcopyrights
    - debian/patches/CVE-2017-11569-and-2017-11575.patch: fix
      out of bounds read condition in fontforge/parsettf.c.
    - CVE-2017-11569
    - CVE-2017-11575
  * SECURITY UPDATE: stack-based buffer overflow
    - debian/patches/CVE-2017-11571.patch: fix buffer overflow
      in fontforge/parsettf.c.
    - CVE-2017-11571
  * SECURITY UPDATE: stack underflow condition in
    readcfftopdicts
    - debian/patches/CVE-2017-11572-and-2017-11576.patch: prevent
      stack underflow condition in fontforge/parsettf.c.
    - CVE-2017-11572
    - CVE-2017-11576
  * SECURITY UPDATE: heap-based buffer overflow in readcffset
    - debian/patches/CVE-2017-11574.patch: fix buffer condition
      in fontforge/parsettf.c.
    - CVE-2017-11574
  * SECURITY UPDATE: buffer over-read in getsid
    - debian/patches/CVE-2017-11577.patch: fix out of bounds read
      in fontforge/parsettf.c
    - CVE-2017-11577

 -- Mike Salvatore <email address hidden> Thu, 13 Dec 2018 14:39:37 -0500

CVE-2017-11568 FontForge 20161012 is vulnerable to a heap-based buffer over-read in PSCharStringToSplines (psread.c) resulting in DoS or code execution via a crafte
CVE-2017-11569 FontForge 20161012 is vulnerable to a heap-based buffer over-read in readttfcopyrights (parsettf.c) resulting in DoS or code execution via a crafted
CVE-2017-11575 FontForge 20161012 is vulnerable to a buffer over-read in strnmatch (char.c) resulting in DoS or code execution via a crafted otf file, related to a
CVE-2017-11571 FontForge 20161012 is vulnerable to a stack-based buffer overflow in addnibble (parsettf.c) resulting in DoS or code execution via a crafted otf file
CVE-2017-11572 FontForge 20161012 is vulnerable to a heap-based buffer over-read in readcfftopdicts (parsettf.c) resulting in DoS or code execution via a crafted ot
CVE-2017-11576 FontForge 20161012 does not ensure a positive size in a weight vector memcpy call in readcfftopdict (parsettf.c) resulting in DoS via a crafted otf f
CVE-2017-11574 FontForge 20161012 is vulnerable to a heap-based buffer overflow in readcffset (parsettf.c) resulting in DoS or code execution via a crafted otf file
CVE-2017-11577 FontForge 20161012 is vulnerable to a buffer over-read in getsid (parsettf.c) resulting in DoS or code execution via a crafted otf file.


