Alerts This Week
Warning Icon 1 677
Alerts This Week
Warning Icon 1 677

Ubuntu 14.04 LTS USN-3409-1 Critical: FontForge Buffer Overflows

Calendar Sep 04, 2017 User Avatar LinuxSecurity Advisories
1 - 2 min read
Ubuntu Large Esm H500
Topics%20covered

Topics Covered

security advisory buffer overflow remote code execution DoS Ubuntu heap over-read fontforge
Several security issues were fixed in FontForge. 
=========================================================================Ubuntu Security Notice USN-3409-1
September 04, 2017

fontforge vulnerabilities
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in FontForge.

Software Description:
- fontforge: font editor

Details:

It was discovered that FontForge was vulnerable to a heap-based buffer
over-read. A remote attacker could use a crafted file to DoS or execute
arbitrary code. (CVE-2017-11568, CVE-2017-11569, CVE-2017-11572)

It was discovered that FontForge was vulnerable to a stack-based buffer
overflow. A remote attacker could use a crafted file to DoS or execute
arbitrary code. (CVE-2017-11571)

It was discovered that FontForge was vulnerable to a heap-based buffer
overflow. A remote attacker could use a crafted file to DoS or execute
arbitrary code. (CVE-2017-11574)

It was discovered that FontForge was vulnerable to a buffer over-read.
A remote attacker could use a crafted file to DoS or execute arbitrary
code. (CVE-2017-11575, CVE-2017-11577)

It was discovered that FontForge wasn't correctly checking the sign of
a vector size. A remote attacker could use a crafted file to DoS.
(CVE-2017-11576)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS:
  fontforge                       20120731.b-5ubuntu0.1
  fontforge-common                20120731.b-5ubuntu0.1

In general, a standard system update will make all the necessary
changes.

References:
  https://ubuntu.com/security/notices/USN-3409-1
  CVE-2017-11568, CVE-2017-11569, CVE-2017-11571, CVE-2017-11572,
  CVE-2017-11574, CVE-2017-11575, CVE-2017-11576, CVE-2017-11577

Package Information:
  https://launchpad.net/ubuntu/+source/fontforge/20120731.b-5ubuntu0.1

Ubuntu 14.04 LTS USN-3409-1 Critical: FontForge Buffer Overflows

ubuntu
Calendar Grey September 4, 2017
Dist Ubuntu Esm H88
Multiple vulnerabilities were patched in FontForge that impact Ubuntu 14.04, essential for ensuring system safety.
Several security issues were fixed in FontForge.

Summary

Topics%20covered

Topics Covered

security advisory buffer overflow remote code execution DoS Ubuntu heap over-read fontforge

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 LTS:   fontforge                       20120731.b-5ubuntu0.1   fontforge-common                20120731.b-5ubuntu0.1 In general, a standard system update will make all the necessary changes.

References

  https://ubuntu.com/security/notices/USN-3409-1

  CVE-2017-11568, CVE-2017-11569, CVE-2017-11571, CVE-2017-11572,

  CVE-2017-11574, CVE-2017-11575, CVE-2017-11576, CVE-2017-11577

Severity
critical
Lowest
Low
Medium
High
Critical

September 04, 2017

Topics%20covered

Topics Covered

security advisory buffer overflow remote code execution DoS Ubuntu heap over-read fontforge

Package Information

  https://launchpad.net/ubuntu/+source/fontforge/20120731.b-5ubuntu0.1

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here