A vulnerability was found in FontForge through 20190801: a buffer overflow in PrefsUI_LoadPrefs in prefs.c. Reference: https://github.com/fontforge/fontforge/pull/3886
Created fontforge tracking bugs for this issue: Affects: fedora-all [bug 1751050]
Please note there is no upstream release that includes the initial commit https://github.com/fontforge/fontforge/commit/626f751752875a0ddd74b9e217b6f4828713573c#diff-6e3cb09877f1c7fef21c68da73915a60 that added warn_script_unsaved to fontview.c and prefs.c files. Then how come this CVE got reported against Fedora 30?
Statement: The versions of the fontforge package shipped with Red Hat Enterprise Linux 5, 6, 7 and 8 are not affected by this issue as they don't contain the code where the vulnerability resides.