Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In July 2017
FontForge 20161012 is vulnerable to a buffer over-read in umodenc (parsettf.c) resulting in DoS or code execution via a crafted otf file.
CVSS Score
7.8
EPSS Score
0.004
Published
2017-07-23
FontForge 20161012 is vulnerable to a stack-based buffer overflow in addnibble (parsettf.c) resulting in DoS or code execution via a crafted otf file.
CVSS Score
7.8
EPSS Score
0.007
Published
2017-07-23
FontForge 20161012 is vulnerable to a heap-based buffer over-read in readcfftopdicts (parsettf.c) resulting in DoS or code execution via a crafted otf file.
CVSS Score
7.8
EPSS Score
0.004
Published
2017-07-23
FontForge 20161012 is vulnerable to a buffer over-read in ValidatePostScriptFontName (parsettf.c) resulting in DoS or code execution via a crafted otf file.
CVSS Score
7.8
EPSS Score
0.004
Published
2017-07-23
FontForge 20161012 is vulnerable to a heap-based buffer overflow in readcffset (parsettf.c) resulting in DoS or code execution via a crafted otf file.
CVSS Score
7.8
EPSS Score
0.007
Published
2017-07-23
FontForge 20161012 is vulnerable to a buffer over-read in strnmatch (char.c) resulting in DoS or code execution via a crafted otf file, related to a call from the readttfcopyrights function in parsettf.c.
CVSS Score
7.8
EPSS Score
0.004
Published
2017-07-23
FontForge 20161012 does not ensure a positive size in a weight vector memcpy call in readcfftopdict (parsettf.c) resulting in DoS via a crafted otf file.
CVSS Score
5.5
EPSS Score
0.003
Published
2017-07-23
FontForge 20161012 is vulnerable to a buffer over-read in getsid (parsettf.c) resulting in DoS or code execution via a crafted otf file.
CVSS Score
7.8
EPSS Score
0.004
Published
2017-07-23
debian/tor.init in the Debian tor_0.2.9.11-1~deb9u1 package for Tor was designed to execute aa-exec from the standard system pathname if the apparmor package is installed, but implements this incorrectly (with a wrong assumption that the specific pathname would remain the same forever), which allows attackers to bypass intended AppArmor restrictions by leveraging the silent loss of this protection mechanism. NOTE: this does not affect systems, such as default Debian stretch installations, on which Tor startup relies on a systemd unit file (instead of this tor.init script).
CVSS Score
7.5
EPSS Score
0.002
Published
2017-07-23
There is a stack consumption vulnerability in the lex function in parser.hpp (as used in sassc) in LibSass 3.4.5. A crafted input will lead to a remote denial of service.
CVSS Score
7.5
EPSS Score
0.006
Published
2017-07-23


Contact Us

Shodan ® - All rights reserved