Known Vulnerabilities for products from Fontforge
Listed below are 15 of the newest known vulnerabilities associated with the vendor "Fontforge".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs; each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2020-25690 | An out-of-bounds write flaw was found in FontForge in versions before 20200314 while parsing SFD files containing certain Lay... | 8.8 - HIGH | 2021-02-23 | 2021-03-01 |
| CVE-2020-5496 | FontForge 20190801 has a heap-based buffer overflow in the Type2NotDefSplines() function in splinesave.c. | 8.8 - HIGH | 2020-01-03 | 2023-01-24 |
| CVE-2020-5395 | FontForge 20190801 has a use-after-free in SFD_GetFontMetaData in sfd.c. | 8.8 - HIGH | 2020-01-03 | 2023-11-07 |
| CVE-2019-15785 | FontForge 20190813 through 20190820 has a buffer overflow in PrefsUI_LoadPrefs in prefs.c. | 9.8 - CRITICAL | 2019-08-29 | 2020-01-13 |
| CVE-2017-17521 | uiutil.c in FontForge through 20170731 does not validate strings before launching the program specified by the BROWSER enviro... | 8.8 - HIGH | 2017-12-14 | 2020-01-13 |
| CVE-2017-11577 | FontForge 20161012 is vulnerable to a buffer over-read in getsid (parsettf.c) resulting in DoS or code execution via a crafte... | 7.8 - HIGH | 2017-07-23 | 2020-01-13 |
| CVE-2017-11576 | FontForge 20161012 does not ensure a positive size in a weight vector memcpy call in readcfftopdict (parsettf.c) resulting in... | 5.5 - MEDIUM | 2017-07-23 | 2020-01-13 |
| CVE-2017-11575 | FontForge 20161012 is vulnerable to a buffer over-read in strnmatch (char.c) resulting in DoS or code execution via a crafted... | 7.8 - HIGH | 2017-07-23 | 2020-01-13 |
| CVE-2017-11574 | FontForge 20161012 is vulnerable to a heap-based buffer overflow in readcffset (parsettf.c) resulting in DoS or code executio... | 7.8 - HIGH | 2017-07-23 | 2020-01-13 |
| CVE-2017-11573 | FontForge 20161012 is vulnerable to a buffer over-read in ValidatePostScriptFontName (parsettf.c) resulting in DoS or code ex... | 7.8 - HIGH | 2017-07-23 | 2020-01-13 |
| CVE-2017-11572 | FontForge 20161012 is vulnerable to a heap-based buffer over-read in readcfftopdicts (parsettf.c) resulting in DoS or code ex... | 7.8 - HIGH | 2017-07-23 | 2020-01-13 |
| CVE-2017-11571 | FontForge 20161012 is vulnerable to a stack-based buffer overflow in addnibble (parsettf.c) resulting in DoS or code executio... | 7.8 - HIGH | 2017-07-23 | 2020-01-13 |
| CVE-2017-11570 | FontForge 20161012 is vulnerable to a buffer over-read in umodenc (parsettf.c) resulting in DoS or code execution via a craft... | 7.8 - HIGH | 2017-07-23 | 2020-01-13 |
| CVE-2017-11569 | FontForge 20161012 is vulnerable to a heap-based buffer over-read in readttfcopyrights (parsettf.c) resulting in DoS or code ... | 7.8 - HIGH | 2017-07-23 | 2019-10-03 |
| CVE-2017-11568 | FontForge 20161012 is vulnerable to a heap-based buffer over-read in PSCharStringToSplines (psread.c) resulting in DoS or cod... | 7.8 - HIGH | 2017-07-23 | 2020-01-13 |
Known software with vulnerabilities from Fontforge
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Fontforge | Fontforge | 2.0.20140101 |