oval:org.secpod.oval:def:52886 fontforge: font editor. Several security issues were fixed in FontForge.
oval:org.secpod.oval:def:117709 fontforge is installed
oval:org.secpod.oval:def:703820 fontforge is installed
oval:org.secpod.oval:def:703815 fontforge: font editor. Several security issues were fixed in FontForge.
oval:org.secpod.oval:def:2500137 FontForge is a font editor for outline and bitmap fonts. It supports a range of font formats, including PostScript, TrueType, OpenType and CID-keyed fonts.
oval:org.secpod.oval:def:2000244 FontForge 20161012 is vulnerable to a buffer over-read in umodenc resulting in DoS or code execution via a crafted otf file.
oval:org.secpod.oval:def:2000078 FontForge 20161012 is vulnerable to a buffer over-read in ValidatePostScriptFontName resulting in DoS or code execution via a crafted otf file.
oval:org.secpod.oval:def:1900212 FontForge 20161012 is vulnerable to a buffer over-read in ValidatePostScriptFontName resulting in DoS or code execution via a crafted otf file.
oval:org.secpod.oval:def:1900205 FontForge 20161012 is vulnerable to a buffer over-read in umodenc resulting in DoS or code execution via a crafted otf file.
oval:org.secpod.oval:def:1901534 uiutil.c in FontForge through 20170731 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, a different vulnerability than CVE-2017-17534.
oval:org.secpod.oval:def:2001552 uiutil.c in FontForge through 20170731 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, a different vulnerability than CVE-2017-17534.
oval:org.secpod.oval:def:117708 FontForge is a font editor for outline and bitmap fonts. It supports a range of font formats, including PostScript, TrueType, OpenType and CID-keyed fonts.
oval:org.secpod.oval:def:117884 FontForge is a font editor for outline and bitmap fonts. It supports a range of font formats, including PostScript, TrueType, OpenType and CID-keyed fonts.
oval:org.secpod.oval:def:205617 FontForge is a font editor for outline and bitmap fonts. It supports a range of font formats, including PostScript, TrueType, OpenType and CID-keyed fonts. Security Fix: * fontforge: out-of-bounds write in SFD_GetFontMetaData function in sfd.c For more details about the security issue, including ...
oval:org.secpod.oval:def:19500660 Splinefont in FontForge through 20230101 allows command injection via crafted filenames. Splinefont in FontForge through 20230101 allows command injection via crafted archives or compressed files.
oval:org.secpod.oval:def:613020 It was discovered that fontforge, a font editor, is prone to shell command injection vulnerabilities when processing specially crafted files.
oval:org.secpod.oval:def:89051814 This update for fontforge fixes the following issues: * CVE-2024-25081: Fixed command injection via crafted filenames. * CVE-2024-25082: Fixed command injection via crafted archives or compressed files.