First published: Thu Aug 29 2019
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Fontforge Fontforge | <=20190801 | |
The vulnerability ID for this FontForge vulnerability is CVE-2019-15785.
The severity of CVE-2019-15785 is critical.
The vulnerability manifests as a buffer overflow in the PrefsUI_LoadPrefs function in the prefs.c file of FontForge versions 20190813 through 20190820.
The affected software is FontForge version 20190813 through 20190820.
Yes, a fix is available for this vulnerability. It can be found at the following links: [GitHub commit](https://github.com/fontforge/fontforge/commit/626f751752875a0ddd74b9e217b6f4828713573c), [GitHub pull request](https://github.com/fontforge/fontforge/pull/3886), [Gentoo security advisory](https://security.gentoo.org/glsa/202004-14).