CVE-2010-4259
fontforge - buffer overflow
EPSS 23.1%
Description
Stack-based buffer overflow in FontForge 20100501 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long CHARSET_REGISTRY header in a BDF font file.
How to fix CVE-2010-4259
To remediate CVE-2010-4259, upgrade the affected package to one of the fixed versions listed below.
- Debian/fontforge—upgrade to 0.0.20100501-4 or later
- Debian/fontforge—upgrade to 0.0.20080429-1+lenny2 or later
Is CVE-2010-4259 being exploited?
Moderate: EPSS is 23.1%. Track this CVE, but it is not at the top of the prioritisation list.
Affected packages (2)
- Debian/fontforge: from 0, < 0.0.20100501-4
- Debian/fontforge: from 0, < 0.0.20080429-1+lenny2