Security Information / 2011 / Security Information -- DSA-2253-1 fontforge

Debian Security Advisory

DSA-2253-1 fontforge -- buffer overflow

Date Reported:

03 Jun 2011

Affected Packages:

fontforge

Vulnerable:

Yes

Security database references:

In the Debian bugtracking system: Bug 605537.
In Mitre's CVE dictionary: CVE-2010-4259.

More information:

Ulrik Persson reported a stack-based buffer overflow flaw in FontForge, a font editor. When processed a crafted Bitmap Distribution Format (BDF) FontForge could crash or execute arbitrary code with the privileges of the user running FontForge.

For the oldstable distribution (lenny), this problem has been fixed in version 0.0.20080429-1+lenny2.

The stable distribution (squeeze), testing distribution (wheezy), and unstable distribution (sid) are not affected by this problem.

We recommend that you upgrade your fontforge packages.