CVE-2017-11575

FontForge 20161012 is vulnerable to a buffer over-read in strnmatch (char.c) resulting in DoS or code execution via a crafted otf file, related to a call from the readttfcopyrights function in parsettf.c. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt