CVE-2019-15785

Name	CVE-2019-15785
Description	FontForge 20190813 through 20190820 has a buffer overflow in PrefsUI_LoadPrefs in prefs.c.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
fontforge (PTS)	jessie, jessie (lts)	20120731.b-5+deb8u1	fixed
	stretch (security), stretch (lts), stretch	1:20161005~dfsg-4+deb9u1	fixed
	buster (security), buster, buster (lts)	1:20170731~dfsg-1+deb10u1	fixed
	bullseye (security), bullseye	1:20201107~dfsg-4+deb11u1	fixed
	bookworm (security), bookworm	1:20230101~dfsg-1.1~deb12u1	fixed
	sid, trixie	1:20230101~dfsg-4	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin	Debian Bugs
fontforge	source	(unstable)	(not affected)

- fontforge <not-affected> (Vulnerable code introduced later)
https://github.com/fontforge/fontforge/pull/3886