suse · CVE-2017-11574

Quick triage

Priority: medium Published: 2021-05-30 13:59:14 UTC Updated: 2023-02-10 02:12:25 UTC

View at Official suse advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2017-11574 severity moderate: SUSE including 1 source package names (fontforge-20170731-11.8.1), 2 product×package rows across 2 product lines (SUSE Linux Enterprise Software Development Kit 12 SP4, SUSE Linux Enterprise Software Development Kit 12 SP5): Fixed 2.

Description:

FontForge 20161012 is vulnerable to a heap-based buffer overflow in readcffset (parsettf.c) resulting in DoS or code execution via a crafted otf file.

cvelogic Threat Intelligence