Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 556
Alerts This Week
Warning Icon 1 556

Ubuntu 14.04 LTS USN-3409-1 Critical: FontForge Buffer Overflows

ubuntu
Calendar Grey September 4, 2017
Dist Ubuntu Esm H88
Multiple vulnerabilities were patched in FontForge that impact Ubuntu 14.04, essential for ensuring system safety.
Several security issues were fixed in FontForge.

Summary

Several security issues were fixed in FontForge.

Software Description:

- fontforge: font editor

Details:

It was discovered that FontForge was vulnerable to a heap-based buffer

over-read. A remote attacker could use a crafted file to DoS or execute

arbitrary code. (CVE-2017-11568, CVE-2017-11569, CVE-2017-11572)

It was discovered that FontForge was vulnerable to a stack-based buffer

overflow. A remote attacker could use a crafted file to DoS or execute

arbitrary code. (CVE-2017-11571)

It was discovered that FontForge was vulnerable to a heap-based buffer

overflow. A remote attacker could use a crafted file to DoS or execute

arbitrary code. (CVE-2017-11574)

It was discovered that FontForge was vulnerable to a buffer over-read.

A remote attacker could use a crafted file to DoS or execute arbitrary

code. (CVE-2017-11575, CVE-2017-11577)

It was discovered that FontForge wasn't correctly checking the sign of

a vector size. A remote attacker could use a cra...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS:
  fontforge                       20120731.b-5ubuntu0.1
  fontforge-common                20120731.b-5ubuntu0.1

In general, a standard system update will make all the necessary
changes.

References

  https://ubuntu.com/security/notices/USN-3409-1

  CVE-2017-11568, CVE-2017-11569, CVE-2017-11571, CVE-2017-11572,

  CVE-2017-11574, CVE-2017-11575, CVE-2017-11576, CVE-2017-11577

Severity
critical
Lowest
Low
Medium
High
Critical

September 04, 2017

Package Information

  https://launchpad.net/ubuntu/+source/fontforge/20120731.b-5ubuntu0.1

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.