Information on source package fontforge

Available versions

ReleaseVersion
stretch1:20161005~dfsg-4+deb9u1
buster1:20170731~dfsg-1
bullseye1:20201107~dfsg-4
sid1:20201107~dfsg-4

Open issues

BugstretchbusterbullseyesidDescription
CVE-2020-5496vulnerable (no DSA)vulnerable (no DSA)fixedfixedFontForge 20190801 has a heap-based buffer overflow in the Type2NotDef ...
CVE-2020-5395vulnerable (no DSA)vulnerable (no DSA)fixedfixedFontForge 20190801 has a use-after-free in SFD_GetFontMetaData in sfd. ...

Open unimportant issues

BugstretchbusterbullseyesidDescription
CVE-2017-17521vulnerablevulnerablevulnerablevulnerableuiutil.c in FontForge through 20170731 does not validate strings befor ...
CVE-2017-11573vulnerablevulnerablevulnerablevulnerableFontForge 20161012 is vulnerable to a buffer over-read in ValidatePost ...
CVE-2017-11570vulnerablevulnerablevulnerablevulnerableFontForge 20161012 is vulnerable to a buffer over-read in umodenc (par ...

Resolved issues

BugDescription
CVE-2020-25690An out-of-bounds write flaw was found in FontForge in versions before ...
CVE-2019-15785FontForge 20190813 through 20190820 has a buffer overflow in PrefsUI_L ...
CVE-2017-11577FontForge 20161012 is vulnerable to a buffer over-read in getsid (pars ...
CVE-2017-11576FontForge 20161012 does not ensure a positive size in a weight vector ...
CVE-2017-11575FontForge 20161012 is vulnerable to a buffer over-read in strnmatch (c ...
CVE-2017-11574FontForge 20161012 is vulnerable to a heap-based buffer overflow in re ...
CVE-2017-11572FontForge 20161012 is vulnerable to a heap-based buffer over-read in r ...
CVE-2017-11571FontForge 20161012 is vulnerable to a stack-based buffer overflow in a ...
CVE-2017-11569FontForge 20161012 is vulnerable to a heap-based buffer over-read in r ...
CVE-2017-11568FontForge 20161012 is vulnerable to a heap-based buffer over-read in P ...
CVE-2010-4259Stack-based buffer overflow in FontForge 20100501 allows remote attack ...

Security announcements

DSA / DLADescription
DSA-3958-1fontforge - security update
DLA-1065-1fontforge - security update
DSA-2253-1fontforge - buffer overflow

Search for package or bug name: Reporting problems