Описание
Security update for fontforge
This update for fontforge fixes the following issues:
- fix for Use-after-free (heap) in the SFD_GetFontMetaData() function and the crash (bsc#1178308 CVE-2020-25690).
This update was imported from the SUSE:SLE-15:Update update project.
Список пакетов
openSUSE Leap 15.1
fontforge-20170731-lp151.4.6.1
fontforge-devel-20170731-lp151.4.6.1
fontforge-doc-20170731-lp151.4.6.1
Ссылки
- E-Mail link for openSUSE-SU-2020:2111-1
- SUSE Security Ratings
- SUSE Bug 1160220
- SUSE Bug 1178308
- SUSE CVE CVE-2020-25690 page
- SUSE CVE CVE-2020-5395 page
Описание
An out-of-bounds write flaw was found in FontForge in versions before 20200314 while parsing SFD files containing certain LayerCount tokens. This flaw allows an attacker to manipulate the memory allocated on the heap, causing the application to crash or execute arbitrary code. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
Затронутые продукты
openSUSE Leap 15.1:fontforge-20170731-lp151.4.6.1
openSUSE Leap 15.1:fontforge-devel-20170731-lp151.4.6.1
openSUSE Leap 15.1:fontforge-doc-20170731-lp151.4.6.1
Ссылки
- CVE-2020-25690
- SUSE Bug 1178308
Описание
FontForge 20190801 has a use-after-free in SFD_GetFontMetaData in sfd.c.
Затронутые продукты
openSUSE Leap 15.1:fontforge-20170731-lp151.4.6.1
openSUSE Leap 15.1:fontforge-devel-20170731-lp151.4.6.1
openSUSE Leap 15.1:fontforge-doc-20170731-lp151.4.6.1
Ссылки
- CVE-2020-5395
- SUSE Bug 1160220
- SUSE Bug 1178308