libfontforge.so is vulnerable to denial of service (DoS) through a stack-based underflow. The readcfftopdict function in parsettf.c does not check that the weight vector is positive, allowing a malicious OTF file to cause a denial of service.
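
The kind of check described above, as an added illustration in C; this is not FontForge's code. It assumes the weight count is derived from the number of operands parsed from the font file, and the struct, function names, size limits and operand layout are all hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical limits and layout for illustration; not FontForge's definitions. */
#define MAX_OPERANDS   48
#define MAX_WEIGHTS    16
#define FIXED_OPERANDS 4   /* assumed: 1 leading + 3 trailing non-weight operands */

struct topdict_demo {
    int    n_weights;
    double weightvector[MAX_WEIGHTS];
};

/* Copy length that results when the derived count is used without a sign check. */
size_t unchecked_copy_len(int sp)
{
    return (size_t)(sp - FIXED_OPERANDS) * sizeof(double);
}

/* Copy the weights out of an operand stack of depth sp (file-controlled).
 * Returns 0 on success, -1 when the derived count is unusable. */
int copy_weight_vector(struct topdict_demo *td, const double *stack, int sp)
{
    if (td == NULL || stack == NULL)
        return -1;
    if (sp < 0 || sp > MAX_OPERANDS)
        return -1;
    int count = sp - FIXED_OPERANDS;
    /* The positivity check: a short stack makes count <= 0, and a negative
     * count converted to size_t becomes an enormous copy length. */
    if (count <= 0 || count > MAX_WEIGHTS)
        return -1;
    memcpy(td->weightvector, stack + 1, (size_t)count * sizeof(double));
    td->n_weights = count;
    return 0;
}

int main(void)
{
    struct topdict_demo td = {0};
    double full[6]  = {2.0, 0.25, 0.75, 0.0, 0.0, 0.0}; /* constructed sample */
    double trunc[2] = {2.0, 0.0};                       /* constructed, too short */
    printf("full stack:  %d\n", copy_weight_vector(&td, full, 6));
    printf("short stack: %d\n", copy_weight_vector(&td, trunc, 2));
    printf("unchecked length for sp=2: %zu bytes\n", unchecked_copy_len(2));
    return 0;
}
```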