[Pkg-fonts-devel] Bug#869614: fontforge: CVE-2017-11568 CVE-2017-11569 CVE-2017-11570 CVE-2017-11571 CVE-2017-11572 CVE-2017-11573 CVE-2017-11574 CVE-2017-11575 CVE-2017-11576 CVE-2017-11577
Salvatore Bonaccorso
carnil at debian.org
Mon Jul 24 20:16:11 UTC 2017
Source: fontforge
Version: 20120731.b-5
Severity: important
Tags: upstream security
Hi,
the following vulnerabilities were published for fontforge.
CVE-2017-11568[0]:
| FontForge 20161012 is vulnerable to a heap-based buffer over-read in
| PSCharStringToSplines (psread.c) resulting in DoS or code execution via
| a crafted otf file.
CVE-2017-11569[1]:
| FontForge 20161012 is vulnerable to a heap-based buffer over-read in
| readttfcopyrights (parsettf.c) resulting in DoS or code execution via a
| crafted otf file.
CVE-2017-11570[2]:
| FontForge 20161012 is vulnerable to a buffer over-read in umodenc
| (parsettf.c) resulting in DoS or code execution via a crafted otf file.
CVE-2017-11571[3]:
| FontForge 20161012 is vulnerable to a stack-based buffer overflow in
| addnibble (parsettf.c) resulting in DoS or code execution via a crafted
| otf file.
CVE-2017-11572[4]:
| FontForge 20161012 is vulnerable to a heap-based buffer over-read in
| readcfftopdicts (parsettf.c) resulting in DoS or code execution via a
| crafted otf file.
CVE-2017-11573[5]:
| FontForge 20161012 is vulnerable to a buffer over-read in
| ValidatePostScriptFontName (parsettf.c) resulting in DoS or code
| execution via a crafted otf file.
CVE-2017-11574[6]:
| FontForge 20161012 is vulnerable to a heap-based buffer overflow in
| readcffset (parsettf.c) resulting in DoS or code execution via a
| crafted otf file.
CVE-2017-11575[7]:
| FontForge 20161012 is vulnerable to a buffer over-read in strnmatch
| (char.c) resulting in DoS or code execution via a crafted otf file,
| related to a call from the readttfcopyrights function in parsettf.c.
CVE-2017-11576[8]:
| FontForge 20161012 does not ensure a positive size in a weight vector
| memcpy call in readcfftopdict (parsettf.c) resulting in DoS via a
| crafted otf file.
CVE-2017-11577[9]:
| FontForge 20161012 is vulnerable to a buffer over-read in getsid
| (parsettf.c) resulting in DoS or code execution via a crafted otf file.
Apart from CVE-2017-11570 and CVE-2017-11575, the issues seem easily
reproducible/shown as well back to 20120731.b-5. But I have not been
able to verify yet that the two mentioned CVEs would not affect that
version. Thus I created a collecting bug for all those CVEs. If it
turns out that we need to split the bug up a bit, we can do so.
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2017-11568
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11568
[1] https://security-tracker.debian.org/tracker/CVE-2017-11569
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11569
[2] https://security-tracker.debian.org/tracker/CVE-2017-11570
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11570
[3] https://security-tracker.debian.org/tracker/CVE-2017-11571
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11571
[4] https://security-tracker.debian.org/tracker/CVE-2017-11572
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11572
[5] https://security-tracker.debian.org/tracker/CVE-2017-11573
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11573
[6] https://security-tracker.debian.org/tracker/CVE-2017-11574
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11574
[7] https://security-tracker.debian.org/tracker/CVE-2017-11575
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11575
[8] https://security-tracker.debian.org/tracker/CVE-2017-11576
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11576
[9] https://security-tracker.debian.org/tracker/CVE-2017-11577
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11577
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore