Описание
Security update for fontforge
This update for fontforge fixes the following issues:
- fix for Use-after-free (heap) in the SFD_GetFontMetaData() function and the crash (bsc#1178308 CVE-2020-25690).
Список пакетов
SUSE Linux Enterprise Software Development Kit 12 SP5
fontforge-20170731-11.14.1
Ссылки
- Link for SUSE-SU-2020:3628-1
- E-Mail link for SUSE-SU-2020:3628-1
- SUSE Security Ratings
- SUSE Bug 1160220
- SUSE Bug 1178308
- SUSE CVE CVE-2020-25690 page
- SUSE CVE CVE-2020-5395 page
Описание
An out-of-bounds write flaw was found in FontForge in versions before 20200314 while parsing SFD files containing certain LayerCount tokens. This flaw allows an attacker to manipulate the memory allocated on the heap, causing the application to crash or execute arbitrary code. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
Затронутые продукты
SUSE Linux Enterprise Software Development Kit 12 SP5:fontforge-20170731-11.14.1
Ссылки
- CVE-2020-25690
- SUSE Bug 1178308
Описание
FontForge 20190801 has a use-after-free in SFD_GetFontMetaData in sfd.c.
Затронутые продукты
SUSE Linux Enterprise Software Development Kit 12 SP5:fontforge-20170731-11.14.1
Ссылки
- CVE-2020-5395
- SUSE Bug 1160220
- SUSE Bug 1178308