[Pkg-fonts-bugs] Bug#869614: fontforge: CVE-2017-11568 CVE-2017-11569 CVE-2017-11570 CVE-2017-11571 CVE-2017-11572 CVE-2017-11573 CVE-2017-11574 CVE-2017-11575 CVE-2017-11576 CVE-2017-11577

Salvatore Bonaccorso carnil at debian.org
Mon Jul 24 20:16:11 UTC 2017


Source: fontforge
Version: 20120731.b-5
Severity: important
Tags: upstream security

Hi,

the following vulnerabilities were published for fontforge.

CVE-2017-11568[0]:
| FontForge 20161012 is vulnerable to a heap-based buffer over-read in
| PSCharStringToSplines (psread.c) resulting in DoS or code execution via
| a crafted otf file.

CVE-2017-11569[1]:
| FontForge 20161012 is vulnerable to a heap-based buffer over-read in
| readttfcopyrights (parsettf.c) resulting in DoS or code execution via a
| crafted otf file.

CVE-2017-11570[2]:
| FontForge 20161012 is vulnerable to a buffer over-read in umodenc
| (parsettf.c) resulting in DoS or code execution via a crafted otf file.

CVE-2017-11571[3]:
| FontForge 20161012 is vulnerable to a stack-based buffer overflow in
| addnibble (parsettf.c) resulting in DoS or code execution via a crafted
| otf file.

CVE-2017-11572[4]:
| FontForge 20161012 is vulnerable to a heap-based buffer over-read in
| readcfftopdicts (parsettf.c) resulting in DoS or code execution via a
| crafted otf file.

CVE-2017-11573[5]:
| FontForge 20161012 is vulnerable to a buffer over-read in
| ValidatePostScriptFontName (parsettf.c) resulting in DoS or code
| execution via a crafted otf file.

CVE-2017-11574[6]:
| FontForge 20161012 is vulnerable to a heap-based buffer overflow in
| readcffset (parsettf.c) resulting in DoS or code execution via a
| crafted otf file.

CVE-2017-11575[7]:
| FontForge 20161012 is vulnerable to a buffer over-read in strnmatch
| (char.c) resulting in DoS or code execution via a crafted otf file,
| related to a call from the readttfcopyrights function in parsettf.c.

CVE-2017-11576[8]:
| FontForge 20161012 does not ensure a positive size in a weight vector
| memcpy call in readcfftopdict (parsettf.c) resulting in DoS via a
| crafted otf file.

CVE-2017-11577[9]:
| FontForge 20161012 is vulnerable to a buffer over-read in getsid
| (parsettf.c) resulting in DoS or code execution via a crafted otf file.

Apart from CVE-2017-11570 and CVE-2017-11575, the issues seem easily
reproducible/shown as well back to 20120731.b-5. But I have not been
able to verify yet that the two mentioned CVEs would not affect that
version. Thus I created a collecting bug for all those CVEs. If it
turns out that we need to split the bug up a bit, we can do so.

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-11568
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11568
[1] https://security-tracker.debian.org/tracker/CVE-2017-11569
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11569
[2] https://security-tracker.debian.org/tracker/CVE-2017-11570
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11570
[3] https://security-tracker.debian.org/tracker/CVE-2017-11571
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11571
[4] https://security-tracker.debian.org/tracker/CVE-2017-11572
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11572
[5] https://security-tracker.debian.org/tracker/CVE-2017-11573
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11573
[6] https://security-tracker.debian.org/tracker/CVE-2017-11574
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11574
[7] https://security-tracker.debian.org/tracker/CVE-2017-11575
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11575
[8] https://security-tracker.debian.org/tracker/CVE-2017-11576
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11576
[9] https://security-tracker.debian.org/tracker/CVE-2017-11577
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11577

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
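The CVE texts above name two bug classes that recur throughout font parsers: reading past the end of a heap buffer when a length or count in the file is trusted (the over-reads in readttfcopyrights, getsid, strnmatch and friends), and a memcpy whose size is derived from a file-controlled signed count that is never checked to be positive (CVE-2017-11576). The example below is added here and is not fontforge's code; it parses a hypothetical length-prefixed record (a signed 8-bit count, that many big-endian 16-bit weights, then a NUL-terminated name), not the real CFF/OTF layout, and the sample blobs are constructed for illustration. It shows the unchecked size computation next to a bounds-checked parser that fails closed on truncated, negative-count, zero-count and unterminated inputs.

```c
/* Added illustration of the bug classes in the CVE list; not fontforge
 * code and not the real CFF/OTF layout. The record format here is made
 * up: int8 count, count x uint16 big-endian weights, NUL-terminated name. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { MAX_WEIGHTS = 16 };

/* Cursor over an in-memory font blob; every read goes through rd_u8. */
typedef struct {
    const uint8_t *buf;
    size_t len;
    size_t pos;
} reader_t;

/* Returns 0 and advances on success, -1 if the read would pass the end. */
static int rd_u8(reader_t *r, uint8_t *out)
{
    if (r->pos >= r->len)
        return -1;
    *out = r->buf[r->pos++];
    return 0;
}

typedef struct {
    int count;
    uint8_t raw[MAX_WEIGHTS * 2];   /* bytes handed to memcpy */
    uint16_t weights[MAX_WEIGHTS];
    char name[32];
} record_t;

/* Bug pattern: the memcpy length is computed from a signed, unchecked
 * count. With count == -1 the product is -2, which becomes SIZE_MAX - 1
 * when converted to memcpy's size_t parameter. */
size_t unchecked_weight_bytes(int count)
{
    return (size_t)(count * 2);
}

/* Hardened: the count must be positive and within the destination buffer
 * before any size is derived from it. */
int checked_weight_bytes(int count, size_t *out)
{
    if (count < 1 || count > MAX_WEIGHTS)
        return -1;
    *out = (size_t)count * 2;
    return 0;
}

/* Parses one record. Returns 0 on success, -1 on any bounds or count
 * problem; on -1 nothing in the blob has been read past r.len. */
int parse_record(const uint8_t *data, size_t len, record_t *rec)
{
    reader_t r = { data, len, 0 };
    uint8_t raw;
    size_t nbytes;

    if (rd_u8(&r, &raw))
        return -1;
    int count = (int8_t)raw;                 /* signed operand, like a DICT integer */
    if (checked_weight_bytes(count, &nbytes))
        return -1;                           /* rejects 0 and negative counts */
    if (r.len - r.pos < nbytes)
        return -1;                           /* truncated vector: would over-read */
    memcpy(rec->raw, r.buf + r.pos, nbytes); /* nbytes is in [2, 32] and in bounds */
    r.pos += nbytes;
    rec->count = count;
    for (int i = 0; i < count; i++)
        rec->weights[i] = (uint16_t)((rec->raw[2 * i] << 8) | rec->raw[2 * i + 1]);

    /* Name: stop at NUL, at end of blob, or when the destination is full.
     * An unchecked strlen/strncmp here is the over-read class in strnmatch. */
    size_t i = 0;
    for (;;) {
        uint8_t c;
        if (rd_u8(&r, &c))
            return -1;                       /* no terminator before end of data */
        rec->name[i] = (char)c;
        if (c == 0)
            break;
        if (++i >= sizeof rec->name)
            return -1;                       /* no room left for the terminator */
    }
    return 0;
}

/* Constructed sample blobs (not real font data). */
static const uint8_t SAMPLE_OK[]       = { 0x02, 0x00, 0x10, 0x01, 0x00, 'A', 'B', 'C', 0x00 };
static const uint8_t SAMPLE_SHORT[]    = { 0x04, 0x00, 0x10, 0x01, 0x00 };            /* says 4, has 2 */
static const uint8_t SAMPLE_NEGATIVE[] = { 0xFF, 0x00, 0x10, 'A', 0x00 };             /* count -1 */
static const uint8_t SAMPLE_ZERO[]     = { 0x00, 'A', 0x00 };                         /* count 0 */
static const uint8_t SAMPLE_NO_NUL[]   = { 0x01, 0x00, 0x01, 'A', 'B' };              /* name unterminated */

/* Drives the samples; returns the number of checks that behaved as
 * intended (6 when everything passes). */
int run_samples(void)
{
    record_t rec;
    size_t n = 0;
    int passed = 0;

    memset(&rec, 0, sizeof rec);
    if (parse_record(SAMPLE_OK, sizeof SAMPLE_OK, &rec) == 0 && rec.count == 2 &&
        rec.weights[0] == 0x10 && rec.weights[1] == 0x100 && strcmp(rec.name, "ABC") == 0)
        passed++;
    if (parse_record(SAMPLE_SHORT, sizeof SAMPLE_SHORT, &rec) == -1) passed++;
    if (parse_record(SAMPLE_NEGATIVE, sizeof SAMPLE_NEGATIVE, &rec) == -1) passed++;
    if (parse_record(SAMPLE_ZERO, sizeof SAMPLE_ZERO, &rec) == -1) passed++;
    if (parse_record(SAMPLE_NO_NUL, sizeof SAMPLE_NO_NUL, &rec) == -1) passed++;
    if (checked_weight_bytes(3, &n) == 0 && n == 6) passed++;
    return passed;
}

int main(void)
{
    printf("unchecked size for count -1: %zu (SIZE_MAX is %zu)\n",
           unchecked_weight_bytes(-1), (size_t)SIZE_MAX);
    printf("sample checks passed: %d of 6\n", run_samples());
    return 0;
}
```

The point of the reader_t cursor is that there is exactly one place where data is fetched from the blob, and it carries the remaining length; a parser written this way cannot over-read no matter what the count, offset or string fields in a crafted file say, which is the property the listed CVEs lack.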