Bug 1751048 (CVE-2019-15785)

Summary: CVE-2019-15785 fontforge: buffer overflow in PrefsUI_LoadPrefs in prefs.c
Product: [Other] Security Response Reporter: Dhananjay Arunesh <darunesh>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED NOTABUG QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: eng-i18n-bugs, fonts-bugs, kevin, kyoshida, paul, pnemade
Target Milestone: ---Keywords: Reopened, Security
Target Release: ---   
Hardware: All   
OS: Linux   
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-09-19 20:03:06 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On: 1751050    
Bug Blocks: 1751051    

Description Dhananjay Arunesh 2019-09-11 05:40:32 UTC
A vulnerability was found in FontForge through 20190801 has a buffer overflow in PrefsUI_LoadPrefs in prefs.c.


Comment 1 Dhananjay Arunesh 2019-09-11 05:40:51 UTC
Created fontforge tracking bugs for this issue:

Affects: fedora-all [bug 1751050]

Comment 2 Parag Nemade 2019-09-18 11:23:43 UTC
Please note there is no upstream release that includes the initial commit https://github.com/fontforge/fontforge/commit/626f751752875a0ddd74b9e217b6f4828713573c#diff-6e3cb09877f1c7fef21c68da73915a60 that added warn_script_unsaved to fontview.c and prefs.c files. Then how come this CVE got reported against Fedora 30?

Comment 4 Marco Benatto 2019-09-19 20:02:32 UTC

The versions of fontforge package shipped with Red Hat Enterprise Linux 5, 6, 7 and 8 are not affected by this issue as it doesn't contain the code where the vulnerability resides.