
Find real vulnerabilities before they ship
uiutil.c in FontForge through 20170731 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, a different vulnerability than CVE-2017-17534.
Base Score
8.8| Base Score | 8.8 |
|---|---|
| Vector String | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| Base Severity | High |
| Version | 3.0 |
| Attack Vector (AV) | NETWORK |