Information on source package fontforge

Available versions

| Release | Version |
|---|---|
| jessie | 20120731.b-5+deb8u1 |
| stretch | 1:20161005~dfsg-4+deb9u1 |
| buster | 1:20170731~dfsg-1+deb10u1 |
| bullseye | 1:20201107~dfsg-4+deb11u1 |
| bookworm | 1:20230101~dfsg-1.1~deb12u1 |
| trixie | 1:20230101~dfsg-4 |
| sid | 1:20230101~dfsg-4 |

Open issues

| Bug | jessie | stretch | buster | bullseye | bookworm | trixie | sid | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-25082 | vulnerable | vulnerable | fixed | fixed | fixed | fixed | fixed | Splinefont in FontForge through 20230101 allows command injection via ... |
| CVE-2024-25081 | vulnerable | vulnerable | fixed | fixed | fixed | fixed | fixed | Splinefont in FontForge through 20230101 allows command injection via ... |
| CVE-2020-5496 | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | fixed | fixed | fixed | FontForge 20190801 has a heap-based buffer overflow in the Type2NotDef ... |
| CVE-2020-5395 | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | fixed | fixed | fixed | FontForge 20190801 has a use-after-free in SFD_GetFontMetaData in sfd. ... |

Open unimportant issues

| Bug | jessie | stretch | buster | bullseye | bookworm | trixie | sid | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-17521 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | uiutil.c in FontForge through 20170731 does not validate strings befor ... |
| CVE-2017-11573 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | FontForge 20161012 is vulnerable to a buffer over-read in ValidatePost ... |
| CVE-2017-11570 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | FontForge 20161012 is vulnerable to a buffer over-read in umodenc (par ... |

Resolved issues

| Bug | Description |
|---|---|
| CVE-2020-25690 | An out-of-bounds write flaw was found in FontForge in versions before ... |
| CVE-2019-15785 | FontForge 20190813 through 20190820 has a buffer overflow in PrefsUI_L ... |
| CVE-2017-11577 | FontForge 20161012 is vulnerable to a buffer over-read in getsid (pars ... |
| CVE-2017-11576 | FontForge 20161012 does not ensure a positive size in a weight vector ... |
| CVE-2017-11575 | FontForge 20161012 is vulnerable to a buffer over-read in strnmatch (c ... |
| CVE-2017-11574 | FontForge 20161012 is vulnerable to a heap-based buffer overflow in re ... |
| CVE-2017-11572 | FontForge 20161012 is vulnerable to a heap-based buffer over-read in r ... |
| CVE-2017-11571 | FontForge 20161012 is vulnerable to a stack-based buffer overflow in a ... |
| CVE-2017-11569 | FontForge 20161012 is vulnerable to a heap-based buffer over-read in r ... |
| CVE-2017-11568 | FontForge 20161012 is vulnerable to a heap-based buffer over-read in P ... |
| CVE-2010-4259 | Stack-based buffer overflow in FontForge 20100501 allows remote attack ... |

Security announcements

| DSA / DLA | Description |
|---|---|
| DSA-5641-1 | fontforge - security update |
| DLA-3754-1 | fontforge - security update |
| DSA-3958-1 | fontforge - security update |
| DLA-1065-1 | fontforge - security update |
| DSA-2253-1 | fontforge - buffer overflow |
