{ "schema_version": "1.7.0", "id": "MGASA-2018-0037", "published": "2018-01-03T14:22:14Z", "modified": "2018-01-03T13:51:50Z", "summary": "Updated fontforge packages fix security vulnerability", "details": "It was discovered that FontForge, a font editor, did not correctly\nvalidate its input. An attacker could use this flaw by tricking a user\ninto opening a maliciously crafted OpenType font file, thus causing a\ndenial-of-service via application crash, or execution of arbitrary code\n(CVE-2017-11568, CVE-2017-11569, CVE-2017-11571, CVE-2017-11572,\nCVE-2017-11574, CVE-2017-11575, CVE-2017-11576, CVE-2017-11577).\n", "upstream": [ "CVE-2017-11568", "CVE-2017-11569", "CVE-2017-11571", "CVE-2017-11572", "CVE-2017-11574", "CVE-2017-11575", "CVE-2017-11576", "CVE-2017-11577" ], "references": [ { "type": "ADVISORY", "url": "https://advisories.mageia.org/MGASA-2018-0037.html" }, { "type": "REPORT", "url": "https://bugs.mageia.org/show_bug.cgi?id=21634" }, { "type": "WEB", "url": "https://www.debian.org/security/2017/dsa-3958" } ], "affected": [ { "package": { "ecosystem": "Mageia:5", "name": "fontforge", "purl": "pkg:rpm/mageia/fontforge?arch=source&distro=mageia-5" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "1.0-1.20120731.10.mga5" } ] } ], "ecosystem_specific": { "section": "core" } }, { "package": { "ecosystem": "Mageia:6", "name": "fontforge", "purl": "pkg:rpm/mageia/fontforge?arch=source&distro=mageia-6" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "20161012-4.1.mga6" } ] } ], "ecosystem_specific": { "section": "core" } } ], "credits": [ { "name": "Mageia", "type": "COORDINATOR", "contact": [ "https://wiki.mageia.org/en/Packages_Security_Team" ] } ] }