{"id":"CVE-2019-15785","details":"FontForge 20190813 through 20190820 has a buffer overflow in PrefsUI_LoadPrefs in prefs.c.","modified":"2026-02-17T07:13:49.756236Z","published":"2019-08-29T13:15:11.630Z","references":[{"type":"ADVISORY","url":"https://github.com/fontforge/fontforge/pull/3886"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202004-14"},{"type":"FIX","url":"https://github.com/fontforge/fontforge/commit/626f751752875a0ddd74b9e217b6f4828713573c"},{"type":"FIX","url":"https://github.com/fontforge/fontforge/pull/3886"},{"type":"EVIDENCE","url":"https://github.com/fontforge/fontforge/pull/3886"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/fontforge/fontforge","events":[{"introduced":"0"},{"fixed":"626f751752875a0ddd74b9e217b6f4828713573c"}]}],"versions":["2.0.20140101","20140813","20141013","20141014","20141126","20141230","20150228","20150330","20150430","20150612","20150824","20160403","20160404","20160930","20161001","20161004","20161005","20161012","20170730","20170731","20190317","20190413","20190801","v2.1.0","v20110222","v20120731-b"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-15785.json","vanir_signatures":[{"signature_version":"v1","id":"CVE-2019-15785-5471588e","signature_type":"Line","target":{"file":"inc/gdraw.h"},"deprecated":false,"digest":{"threshold":0.9,"line_hashes":["11521799222799627976866659460875161569","231437906610411510126544208188066495085","50015822478219354519704185302190925249","171658930628852949655608384629538743811"]},"source":"https://github.com/fontforge/fontforge/commit/626f751752875a0ddd74b9e217b6f4828713573c"},{"signature_version":"v1","id":"CVE-2019-15785-5642d430","signature_type":"Function","target":{"function":"sd_e_h","file":"fontforgeexe/scriptingdlg.c"},"deprecated":false,"digest":{"length":531,"function_hash":"270146238747134147247140345552239529879"},"source":"https://github.com/fontforge/fontforge/commit/626f751752875a0ddd74b9e217b6f4828713573c"},{"signature_version":"v1","id":"CVE-2019-15785-58cc9340","signature_type":"Line","target":{"file":"fontforgeexe/fontview.c"},"deprecated":false,"digest":{"threshold":0.9,"line_hashes":["66293238448733849175856578370067891824","26064738572408377969597054308131166000","90270715372285765072767986754696450739","104503135954648878938973981713445266569","92444173049540587729457893710599183530","63436221906350983937828117423035869983","180505539212542728780071455275102469847","66870169974338441755168818758873218615","285007417218264898461433260184017179079","173280748819023588678459721738152210277"]},"source":"https://github.com/fontforge/fontforge/commit/626f751752875a0ddd74b9e217b6f4828713573c"},{"signature_version":"v1","id":"CVE-2019-15785-74ce00eb","signature_type":"Function","target":{"function":"GTextFieldSave","file":"gdraw/gtextfield.c"},"deprecated":false,"digest":{"length":1764,"function_hash":"309827298872631645882959104996881570681"},"source":"https://github.com/fontforge/fontforge/commit/626f751752875a0ddd74b9e217b6f4828713573c"},{"signature_version":"v1","id":"CVE-2019-15785-7b48fc67","signature_type":"Function","target":{"function":"_FVMenuClose","file":"fontforgeexe/fontview.c"},"deprecated":false,"digest":{"length":666,"function_hash":"165445820358136793456669812891238548768"},"source":"https://github.com/fontforge/fontforge/commit/626f751752875a0ddd74b9e217b6f4828713573c"},{"signature_version":"v1","id":"CVE-2019-15785-7e055ed8","signature_type":"Line","target":{"file":"fontforge/views.h"},"deprecated":false,"digest":{"threshold":0.9,"line_hashes":["335755228573144989558612517637746896712","15142702828280941628116365709598518456","260261874478052372418828744129732387581","333582502148840180802690328508817512014"]},"source":"https://github.com/fontforge/fontforge/commit/626f751752875a0ddd74b9e217b6f4828713573c"},{"signature_version":"v1","id":"CVE-2019-15785-8888518f","signature_type":"Line","target":{"file":"fontforgeexe/scriptingdlg.c"},"deprecated":false,"digest":{"threshold":0.9,"line_hashes":["67954954098173395743097335150682458363","145972557671025051382916092267360124050","7960535671878889205381974303003537647","234312203182832366450482603323611602214"]},"source":"https://github.com/fontforge/fontforge/commit/626f751752875a0ddd74b9e217b6f4828713573c"},{"signature_version":"v1","id":"CVE-2019-15785-89489ca8","signature_type":"Line","target":{"file":"inc/ggadget.h"},"deprecated":false,"digest":{"threshold":0.9,"line_hashes":["207704581220597463388574138385442274546","95396940243811120323061059293036586309","149834489357418969769548246465408169311","319802710473720922956311640862396983165"]},"source":"https://github.com/fontforge/fontforge/commit/626f751752875a0ddd74b9e217b6f4828713573c"},{"signature_version":"v1","id":"CVE-2019-15785-91265147","signature_type":"Line","target":{"file":"fontforgeexe/prefs.c"},"deprecated":false,"digest":{"threshold":0.9,"line_hashes":["239178204131320478463389229629353596657","275242591459324328334608621278360472807","186353957148822014829296037232592004881","34741172785642718655611402885867404620","5312778440274217010117615650039163321","280722432360428903795011556543937131402","43932201165641377399261527839365255496","137734148399769899737615224158296828101"]},"source":"https://github.com/fontforge/fontforge/commit/626f751752875a0ddd74b9e217b6f4828713573c"},{"signature_version":"v1","id":"CVE-2019-15785-bb1e9d0e","signature_type":"Line","target":{"file":"gdraw/gtextfield.c"},"deprecated":false,"digest":{"threshold":0.9,"line_hashes":["165928242786753942980957291534323984756","290267453229137984372490573181729779328","54650845123392973625744557690180090385","225339533294086855922569873242351656280","316748948786597763235825315275628009058","128301542599717146780637224889443925643","300065605264723523912337823362586062272","241416098369100412591089631477456919661","319710987302283867407034275027877863298","180950764417537000505368763888843516740"]},"source":"https://github.com/fontforge/fontforge/commit/626f751752875a0ddd74b9e217b6f4828713573c"}]}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}