Security Advisory

CVE-2017-17521

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2017-12-14 16:00:00

Last updated 2024-08-05 20:51:32

Assigner mitre

State PUBLISHED

Description

uiutil.c in FontForge through 20170731 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, a different vulnerability than CVE-2017-17534.

← Browse all CVEs View on cve.org ↗