| Release | Version |
|---|---|
| buster | 1:20170731~dfsg-1 |
| buster (security) | 1:20170731~dfsg-1+deb10u1 |
| bullseye | 1:20201107~dfsg-4 |
| bullseye (security) | 1:20201107~dfsg-4+deb11u1 |
| bookworm | 1:20230101~dfsg-1 |
| bookworm (security) | 1:20230101~dfsg-1.1~deb12u1 |
| trixie | 1:20230101~dfsg-1.1~deb12u1 |
| sid | 1:20230101~dfsg-1.1 |
| Bug | buster | bullseye | bookworm | trixie | sid | Description |
|---|---|---|---|---|---|---|
| CVE-2024-25082 | fixed | fixed | fixed | vulnerable | fixed | Splinefont in FontForge through 20230101 allows command injection via ... |
| CVE-2024-25081 | fixed | fixed | fixed | vulnerable | fixed | Splinefont in FontForge through 20230101 allows command injection via ... |
| Bug | buster | bullseye | bookworm | trixie | sid | Description |
|---|---|---|---|---|---|---|
| CVE-2017-17521 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | uiutil.c in FontForge through 20170731 does not validate strings befor ... |
| CVE-2017-11573 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | FontForge 20161012 is vulnerable to a buffer over-read in ValidatePost ... |
| CVE-2017-11570 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | FontForge 20161012 is vulnerable to a buffer over-read in umodenc (par ... |
| Bug | Description |
|---|---|
| CVE-2020-25690 | An out-of-bounds write flaw was found in FontForge in versions before ... |
| CVE-2020-5496 | FontForge 20190801 has a heap-based buffer overflow in the Type2NotDef ... |
| CVE-2020-5395 | FontForge 20190801 has a use-after-free in SFD_GetFontMetaData in sfd. ... |
| CVE-2019-15785 | FontForge 20190813 through 20190820 has a buffer overflow in PrefsUI_L ... |
| CVE-2017-11577 | FontForge 20161012 is vulnerable to a buffer over-read in getsid (pars ... |
| CVE-2017-11576 | FontForge 20161012 does not ensure a positive size in a weight vector ... |
| CVE-2017-11575 | FontForge 20161012 is vulnerable to a buffer over-read in strnmatch (c ... |
| CVE-2017-11574 | FontForge 20161012 is vulnerable to a heap-based buffer overflow in re ... |
| CVE-2017-11572 | FontForge 20161012 is vulnerable to a heap-based buffer over-read in r ... |
| CVE-2017-11571 | FontForge 20161012 is vulnerable to a stack-based buffer overflow in a ... |
| CVE-2017-11569 | FontForge 20161012 is vulnerable to a heap-based buffer over-read in r ... |
| CVE-2017-11568 | FontForge 20161012 is vulnerable to a heap-based buffer over-read in P ... |
| CVE-2010-4259 | Stack-based buffer overflow in FontForge 20100501 allows remote attack ... |
| DSA / DLA | Description |
|---|---|
| DSA-5641-1 | fontforge - security update |
| DLA-3754-1 | fontforge - security update |
| DSA-3958-1 | fontforge - security update |
| DLA-1065-1 | fontforge - security update |
| DSA-2253-1 | fontforge - buffer overflow |