CVE-2020-25690

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-25690

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-25690.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2020-25690

Related

Published

2021-02-23T04:15:13Z

Modified

2024-08-01T08:53:40.502760Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

An out-of-bounds write flaw was found in FontForge in versions before 20200314 while parsing SFD files containing certain LayerCount tokens. This flaw allows an attacker to manipulate the memory allocated on the heap, causing the application to crash or execute arbitrary code. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

References

https://bugzilla.redhat.com/show_bug.cgi?id=1893188

Affected packages

Git / github.com/fontforge/fontforge

Affected ranges

Type: GIT
Repo: https://github.com/fontforge/fontforge
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

67687b099f82022d7384c76d0e1509fcc5e938b9

Affected versions

2.*

2.0.20140101

Other

20140813

20141013

20141014

20141126

20141230

20150228

20150330

20150430

20150612

20150824

20160403

20160404

20160930

20161001

20161004

20161005

20161012

20170730

20170731

20190317

20190413

20190801

v20110222

v20120731-b

v2.*

v2.1.0