Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2020-25690

Опубликовано: 21 янв. 2020
Источник: redhat
CVSS3: 8.8
EPSS Низкий

Описание

An out-of-bounds write flaw was found in FontForge in versions before 20200314 while parsing SFD files containing certain LayerCount tokens. This flaw allows an attacker to manipulate the memory allocated on the heap, causing the application to crash or execute arbitrary code. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

An out-of-bounds write flaw was found in FontForge while parsing SFD files containing certain LayerCount tokens. This flaw allows an attacker to manipulate the memory allocated on the heap, causing the application to crash or execute arbitrary code. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Отчет

The impact of this flaw is set to Moderate since upstream does not consider a network-facing application that accepts untrusted font files as a reasonable use of fontforge tool/library, making the impact of a possible exploitation of this flaw smaller.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6fontforgeNot affected
Red Hat Enterprise Linux 7fontforgeNot affected
Red Hat Enterprise Linux 8fontforgeFixedRHSA-2020:484404.11.2020

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-119
https://bugzilla.redhat.com/show_bug.cgi?id=1893188fontforge: SFD_GetFontMetaData() insufficient CVE-2020-5395 backport

EPSS

Процентиль: 74%
0.00838
Низкий

8.8 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2020-25690

CVSS3: 8.8
ubuntu
почти 5 лет назад

An out-of-bounds write flaw was found in FontForge in versions before 20200314 while parsing SFD files containing certain LayerCount tokens. This flaw allows an attacker to manipulate the memory allocated on the heap, causing the application to crash or execute arbitrary code. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

nvd логотип

CVE-2020-25690

CVSS3: 8.8
nvd
почти 5 лет назад

An out-of-bounds write flaw was found in FontForge in versions before 20200314 while parsing SFD files containing certain LayerCount tokens. This flaw allows an attacker to manipulate the memory allocated on the heap, causing the application to crash or execute arbitrary code. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

debian логотип

CVE-2020-25690

CVSS3: 8.8
debian
почти 5 лет назад

An out-of-bounds write flaw was found in FontForge in versions before ...

github логотип

GHSA-8m73-qxc4-m26m

github
больше 3 лет назад

An out-of-bounds write flaw was found in FontForge in versions before 20200314 while parsing SFD files containing certain LayerCount tokens. This flaw allows an attacker to manipulate the memory allocated on the heap, causing the application to crash or execute arbitrary code. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

suse-cvrf логотип

openSUSE-SU-2020:2111-1

suse-cvrf
около 5 лет назад

Security update for fontforge

EPSS

Процентиль: 74%
0.00838
Низкий

8.8 High

CVSS3