View at Official suse advisory, NVD, CVE.org · CVE detail
Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.
CVE-2017-11574 severity moderate: SUSE including 1 source package names (fontforge-20170731-11.8.1), 2 product×package rows across 2 product lines (SUSE Linux Enterprise Software Development Kit 12 SP4, SUSE Linux Enterprise Software Development Kit 12 SP5): Fixed 2.
FontForge 20161012 is vulnerable to a heap-based buffer overflow in readcffset (parsettf.c) resulting in DoS or code execution via a crafted otf file.