EPSS Percentile: 39.5%
libfontforge.so is vulnerable to remote code execution (RCE). A malicious user can supply a TTF file that, when parsed, causes an out-of-bounds error that can crash the application or cause arbitrary code to be executed.
www.debian.org/security/2017/dsa-3958
github.com/fontforge/fontforge/commit/e5d992204509c7bf716c4ad2c0fb1a6be742529c
github.com/fontforge/fontforge/issues/3093