CVE-2019-15785

CRITICAL

Fontforge < 20190801 - Memory Corruption

Title source: rule
STIX 2.1

Description

FontForge 20190813 through 20190820 has a buffer overflow in PrefsUI_LoadPrefs in prefs.c.

References (3)

Core 3
Core References
Exploit, Patch, Third Party Advisory x_refsource_misc
https://github.com/fontforge/fontforge/pull/3886
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/202004-14

Scores

CVSS v3 9.8
EPSS 0.0059
EPSS Percentile 69.2%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-119
Status published
Products (1)
fontforge/fontforge < 20190801
Published Aug 29, 2019
Tracked Since Feb 18, 2026