Описание
Security update for fontforge
This update for fontforge fixes the following issues:
- CVE-2020-5395: Fixed a use-after-free in SFD_GetFontMetaData() (bsc#1160220).
- CVE-2020-5496: Fixed a heap-based buffer overflow in Type2NotDefSplines() (bsc#1160236).
This update was imported from the SUSE:SLE-15:Update update project.
Список пакетов
openSUSE Leap 15.1
fontforge-20170731-lp151.4.3.1
fontforge-devel-20170731-lp151.4.3.1
fontforge-doc-20170731-lp151.4.3.1
Ссылки
- E-Mail link for openSUSE-SU-2020:0089-1
- SUSE Security Ratings
- SUSE Bug 1160220
- SUSE Bug 1160236
- SUSE CVE CVE-2020-5395 page
- SUSE CVE CVE-2020-5496 page
Описание
FontForge 20190801 has a use-after-free in SFD_GetFontMetaData in sfd.c.
Затронутые продукты
openSUSE Leap 15.1:fontforge-20170731-lp151.4.3.1
openSUSE Leap 15.1:fontforge-devel-20170731-lp151.4.3.1
openSUSE Leap 15.1:fontforge-doc-20170731-lp151.4.3.1
Ссылки
- CVE-2020-5395
- SUSE Bug 1160220
- SUSE Bug 1178308
Описание
FontForge 20190801 has a heap-based buffer overflow in the Type2NotDefSplines() function in splinesave.c.
Затронутые продукты
openSUSE Leap 15.1:fontforge-20170731-lp151.4.3.1
openSUSE Leap 15.1:fontforge-devel-20170731-lp151.4.3.1
openSUSE Leap 15.1:fontforge-doc-20170731-lp151.4.3.1
Ссылки
- CVE-2020-5496
- SUSE Bug 1160236