UBUNTU-CVE-2020-25690

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2020-25690

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2020/UBUNTU-CVE-2020-25690.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2020-25690

Related

CVE-2020-25690

Published

2021-02-23T04:15:00Z

Modified

2024-10-15T14:07:39Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

An out-of-bounds write flaw was found in FontForge in versions before 20200314 while parsing SFD files containing certain LayerCount tokens. This flaw allows an attacker to manipulate the memory allocated on the heap, causing the application to crash or execute arbitrary code. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

References

Affected packages

Ubuntu:Pro:16.04:LTS / fontforge

Package

Name: fontforge
Purl: pkg:deb/ubuntu/fontforge?arch=src?distro=esm-apps/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

20120731.*

20120731.b-5

20120731.b-5ubuntu1

20120731.b-7.1

20120731.b-7.1ubuntu0.1

20120731.b-7.1ubuntu0.1+esm1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:18.04:LTS / fontforge

Package

Name: fontforge
Purl: pkg:deb/ubuntu/fontforge?arch=src?distro=esm-apps/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

Other

1:20161005~dfsg-4+deb9u1ubuntu1

1:20170731~dfsg-1

1:20170731~dfsg-1ubuntu0.*

1:20170731~dfsg-1ubuntu0.1~esm1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:20.04:LTS / fontforge

Package

Name: fontforge
Purl: pkg:deb/ubuntu/fontforge?arch=src?distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

Other

1:20170731~dfsg-1build1

1:20170731~dfsg-2

1:20190801~dfsg-2

1:20190801~dfsg-2ubuntu1

1:20190801~dfsg-4

1:20190801~dfsg-4ubuntu0.*

1:20190801~dfsg-4ubuntu0.1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:22.04:LTS / fontforge

Package

Name: fontforge
Purl: pkg:deb/ubuntu/fontforge?arch=src?distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

Other

1:20201107~dfsg-4

1:20201107~dfsg-4build1

1:20201107~dfsg-4+deb11u1build0.*

1:20201107~dfsg-4+deb11u1build0.22.04.1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.10 / fontforge

Package

Name: fontforge
Purl: pkg:deb/ubuntu/fontforge?arch=src?distro=oracular

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1:20230101~dfsg-1.*

1:20230101~dfsg-1.1build1

Other

1:20230101~dfsg-2

1:20230101~dfsg-3

1:20230101~dfsg-4

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.04:LTS / fontforge

Package

Name: fontforge
Purl: pkg:deb/ubuntu/fontforge?arch=src?distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

Other

1:20230101~dfsg-1build1

1:20230101~dfsg-1build2

1:20230101~dfsg-1.*

1:20230101~dfsg-1.1

1:20230101~dfsg-1.1build1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}