OESA-2021-1104
- Source
- https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2021-1104
- Import Source
- https://repo.openeuler.org/security/data/osv/OESA-2021-1104.json
- JSON Data
- https://api.osv.dev/v1/vulns/OESA-2021-1104
- Upstream
- Published
- 2021-04-07T11:02:44Z
- Modified
- 2025-09-03T06:17:04.528514Z
- Summary
- fontforge security update
- Details
-
Mozilla fontforge is an open-source web browser, designed for standards compliance, performance and portability.
Security Fix(es):
An out-of-bounds write flaw was found in FontForge in versions before 20200314 while parsing SFD files containing certain LayerCount tokens. This flaw allows an attacker to manipulate the memory allocated on the heap, causing the application to crash or execute arbitrary code. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.(CVE-2020-25690)
- Database specific
{ "severity": "High" }- References
Affected packages
openEuler:20.03-LTS / fontforge
Package
- Name
- fontforge
- Purl
- pkg:rpm/openEuler/fontforge&distro=openEuler-20.03-LTS
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed20200314-2.oe1
Ecosystem specific
{
"src": [
"fontforge-20200314-2.oe1.src.rpm"
],
"x86_64": [
"fontforge-debugsource-20200314-2.oe1.x86_64.rpm",
"fontforge-debuginfo-20200314-2.oe1.x86_64.rpm",
"fontforge-20200314-2.oe1.x86_64.rpm",
"fontforge-devel-20200314-2.oe1.x86_64.rpm"
],
"aarch64": [
"fontforge-debugsource-20200314-2.oe1.aarch64.rpm",
"fontforge-debuginfo-20200314-2.oe1.aarch64.rpm",
"fontforge-20200314-2.oe1.aarch64.rpm",
"fontforge-devel-20200314-2.oe1.aarch64.rpm"
],
"noarch": [
"fontforge-help-20200314-2.oe1.noarch.rpm"
]
}