Описание
FontForge GUtils BMP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of pixels within BMP files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-27517.
A flaw was found in FontForge. This heap-based buffer overflow vulnerability occurs during the parsing of pixels within BMP (Bitmap) files, due to insufficient validation of user-supplied data length. A remote attacker could exploit this by tricking a user into opening a malicious BMP file or visiting a malicious page. Successful exploitation could lead to arbitrary code execution in the context of the current user.
Отчет
This vulnerability is rated Important for Red Hat as it allows remote code execution via a heap-based buffer overflow in FontForge when parsing malicious BMP files. Exploitation requires user interaction, where a target must open a malicious BMP file or visit a malicious page. FontForge is available in Red Hat Enterprise Linux and Fedora distributions.
Меры по смягчению последствий
Users are advised to avoid opening untrusted or suspicious BMP files with FontForge to prevent exploitation. If FontForge is not a required application, consider removing the fontforge package to eliminate the attack surface. Removing this package may impact functionality that relies on FontForge.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | fontforge | Out of support scope | ||
| Red Hat Enterprise Linux 7 | fontforge | Affected | ||
| Red Hat Enterprise Linux 8 | fontforge | Affected | ||
| Red Hat Enterprise Linux 10 | fontforge | Fixed | RHSA-2026:2230 | 09.02.2026 |
| Red Hat Enterprise Linux 10.0 Extended Update Support | fontforge | Fixed | RHSA-2026:2232 | 09.02.2026 |
| Red Hat Enterprise Linux 9 | fontforge | Fixed | RHSA-2026:2039 | 05.02.2026 |
| Red Hat Enterprise Linux 9.4 Extended Update Support | fontforge | Fixed | RHSA-2026:2566 | 11.02.2026 |
| Red Hat Enterprise Linux 9.6 Extended Update Support | fontforge | Fixed | RHSA-2026:2213 | 09.02.2026 |
Показывать по
Дополнительная информация
Статус:
EPSS
7.8 High
CVSS3
Связанные уязвимости
FontForge GUtils BMP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of pixels within BMP files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-27517.
FontForge GUtils BMP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of pixels within BMP files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-27517.
FontForge GUtils BMP File Parsing Heap-based Buffer Overflow Remote Co ...
FontForge GUtils BMP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of pixels within BMP files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-27517.
EPSS
7.8 High
CVSS3