EPSS Percentile: 58.0%
libfontforge.so is vulnerable to remote code execution (RCE) attacks. The application does not properly validate strings in the BROWSER environment variable, allowing a malicious user to inject and execute arbitrary commands.
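The following is an added example, not FontForge's code: it shows one way a program can start the helper named in BROWSER without exposing it to command injection. The function names, the allowed-character set and the http(s)-only URL rule are assumptions made for the illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Generic risky pattern this replaces (an assumption, not quoted from the
 * project): format BROWSER and the URL into one string and hand it to
 * system(), so a shell interprets every metacharacter in either value. */

/* Accept BROWSER only when it is a single program name or path built from
 * characters that carry no meaning for a shell or an option parser. */
int browser_value_ok(const char *b) {
    static const char allowed[] =
        "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789/._+-";
    if (b == NULL || *b == '\0' || *b == '-')
        return 0;
    return strspn(b, allowed) == strlen(b);
}

/* Accept only http(s) URLs with no whitespace or control bytes, so the
 * argument can never be read as a command-line option. */
int url_ok(const char *u) {
    if (u == NULL)
        return 0;
    if (strncmp(u, "https://", 8) != 0 && strncmp(u, "http://", 7) != 0)
        return 0;
    for (; *u != '\0'; u++)
        if ((unsigned char)*u <= 0x20 || *u == 0x7f)
            return 0;
    return 1;
}

/* Start the helper with an argv array and no shell.
 * Returns 0 when the child was started, -1 when input was rejected. */
int open_in_browser(const char *url) {
    const char *browser = getenv("BROWSER");
    if (!browser_value_ok(browser) || !url_ok(url))
        return -1;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        /* The URL is passed as one argv element and is never re-parsed. */
        execlp(browser, browser, url, (char *)NULL);
        _exit(127); /* exec failed */
    }
    return 0;
}
```
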
bugzilla.suse.com/show_bug.cgi?id=1073014
security-tracker.debian.org/tracker/CVE-2017-17521
sources.debian.org/src/fontforge/1:20170731~dfsg-1/fontforgeexe/uiutil.c/#L285