{"affected":[{"ecosystem_specific":{"binaries":[{"fontforge":"20170731-11.8.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Software Development Kit 12 SP4","name":"fontforge","purl":"pkg:rpm/suse/fontforge&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"20170731-11.8.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for fontforge fixes the following security issues:\n\nfontforge was updated to 20170731, fixing lots of bugs and security issues.\n\n- CVE-2017-11568: Heap-based buffer over-read in PSCharStringToSplines (bsc#1050161)\n- CVE-2017-11569: Heap-based buffer over-read in readttfcopyrights (bsc#1050181)\n- CVE-2017-11571: Stack-based buffer overflow in addnibble (bsc#1050185)\n- CVE-2017-11572: Heap-based buffer over-read in readcfftopdicts (bsc#1050187)\n- CVE-2017-11573: Over-read in ValidatePostScriptFontName (bsc#1050193)\n- CVE-2017-11574: Heap-based buffer overflow in readcffset (bsc#1050194)\n- CVE-2017-11575: Buffer over-read in strnmatch (bsc#1050195)\n- CVE-2017-11576: Ensure a positive size in a weight vector memcpy call in readcfftopdict (bsc#1050196)\n- CVE-2017-11577: Buffer over-read in getsid (bsc#1050200)\n","id":"SUSE-SU-2019:2236-1","modified":"2019-08-28T06:00:09Z","published":"2019-08-28T06:00:09Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2019/suse-su-20192236-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1050161"},{"type":"REPORT","url":"https://bugzilla.suse.com/1050181"},{"type":"REPORT","url":"https://bugzilla.suse.com/1050185"},{"type":"REPORT","url":"https://bugzilla.suse.com/1050187"},{"type":"REPORT","url":"https://bugzilla.suse.com/1050193"},{"type":"REPORT","url":"https://bugzilla.suse.com/1050194"},{"type":"REPORT","url":"https://bugzilla.suse.com/1050195"},{"type":"REPORT","url":"https://bugzilla.suse.com/1050196"},{"type":"REPORT","url":"https://bugzilla.suse.com/1050200"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-11568"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-11569"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-11571"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-11572"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-11573"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-11574"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-11575"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-11576"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-11577"}],"related":["CVE-2017-11568","CVE-2017-11569","CVE-2017-11571","CVE-2017-11572","CVE-2017-11573","CVE-2017-11574","CVE-2017-11575","CVE-2017-11576","CVE-2017-11577"],"summary":"Security update for fontforge","upstream":["CVE-2017-11568","CVE-2017-11569","CVE-2017-11571","CVE-2017-11572","CVE-2017-11573","CVE-2017-11574","CVE-2017-11575","CVE-2017-11576","CVE-2017-11577"]}