DSA-3958-1 fontforge -- fontforgeID: oval:org.secpod.oval:def:603082 | Date: (C)2017-09-05 (M)2022-08-31 |
Class: PATCH | Family: unix |
It was discovered that FontForge, a font editor, did not correctly validate its input. An attacker could use this flaw by tricking a user into opening a maliciously crafted OpenType font file, thus causing a denial-of-service via application crash, or execution of arbitrary code.
Platform: |
Debian 8.x |
Debian 9.x |
Product: |
fontforge |
libgdraw5 |
libfontforge-dev |
python-fontforge |
libfontforge1 |
libfontforge2 |