EPSS Percentile: 39.5%
libfontforge.so is vulnerable to remote code execution (RCE). A malicious user can supply a crafted OTF file that reaches the strnmatch function in char.c and triggers a buffer overflow, which can crash the application or lead to arbitrary code execution.
Tags: otf, strnmatch, char.c
www.debian.org/security/2017/dsa-3958
github.com/fontforge/fontforge/commit/4de0c58a01e5e30610c200e9aea98bc7db12c7ac
github.com/fontforge/fontforge/issues/3096