Description
It was discovered that FontForge, a font editor, did not correctly
validate its input. An attacker could use this flaw by tricking a user
into opening a maliciously crafted OpenType font file, thus causing a
denial-of-service via application crash, or execution of arbitrary code
(CVE-2017-11568, CVE-2017-11569, CVE-2017-11571, CVE-2017-11572,
CVE-2017-11574, CVE-2017-11575, CVE-2017-11576, CVE-2017-11577).