Summary: | media-gfx/fontforge: Multiple vulnerabilities (CVE-2017-11570, CVE-2017-11573) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Christopher Díaz Riveros (RETIRED) <chrisadr> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED INVALID | ||
Severity: | normal | CC: | floppym, fonts |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
See Also: | https://github.com/fontforge/fontforge/issues/3097 https://github.com/fontforge/fontforge/issues/3098 | ||
Whiteboard: | B3 [upstream cve] | ||
Package list: | Runtime testing required: | --- |
Description
Christopher Díaz Riveros (RETIRED)
2017-11-11 15:04:14 UTC
@maintainers. There is a proposed patch for both these CVEs: https://github.com/gnehsoah/poc/blob/master/fontforge/umodenc-in-parsettf.c-global-buffer-overflow.otf

Michael Boyle
Gentoo Security Padawan.

(In reply to Michael Boyle from comment #1) That link points at a font file, not a patch. These are quite old and upstream couldn't reproduce these. No reply from reporter.