SUSE: 2019:2236-1 Moderate: fontforge Buffer Over-Read Issues
suse
August 28, 2019
An update that fixes 9 vulnerabilities is now available
Summary
This update for fontforge fixes the following security issues: fontforge was updated to 20170731, fixings lots of bugs and security issues. - CVE-2017-11568: Heap-based buffer over-read in PSCharStringToSplines (bsc#1050161) - CVE-2017-11569: Heap-based buffer over-read in readttfcopyrights (bsc#1050181) - CVE-2017-11571: Stack-based buffer overflow in addnibble (bsc#1050185) - CVE-2017-11572: Heap-based buffer over-read in readcfftopdicts (bsc#1050187) - CVE-2017-11573: Over-read in ValidatePostScriptFontName (bsc#1050193) - CVE-2017-11574: Heap-based buffer overflow in readcffset (bsc#1050194) - CVE-2017-11575: Buffer over-read in strnmatch (bsc#1050195) - CVE-2017-11576: Ensure a positive size in a weight vector memcpycall in readcfftopdict (bsc#1050196)
References
#1050161 #1050181 #1050185 #1050187 #1050193
#1050194 #1050195 #1050196 #1050200
Cross- CVE-2017-11568 CVE-2017-11569 CVE-2017-11571
CVE-2017-11572 CVE-2017-11573 CVE-2017-11574
CVE-2017-11575 CVE-2017-11576 CVE-2017-11577
Affected Products:
SUSE Linux Enterprise Software Development Kit 12-SP4
https://www.suse.com/security/cve/CVE-2017-11568.html
https://www.suse.com/security/cve/CVE-2017-11569.html
https://www.suse.com/security/cve/CVE-2017-11571.html
https://www.suse.com/security/cve/CVE-2017-11572.html
https://www.suse.com/security/cve/CVE-2017-11573.html
https://www.suse.com/security/cve/CVE-2017-11574.html
https://www.suse.com/security/cve/CVE-2017-11575.html
https://www.suse.com/security/cve/CVE-2017-11576.html
PREVIOUS
NEXT
Announcement ID: SUSE-SU-2019:2236-1
Rating: moderate
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!