Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-25690

An out-of-bounds write flaw was found in FontForge in versions before 20200314 while parsing SFD files containing certain LayerCount tokens. This flaw allows an attacker to manipulate the memory allocated on the heap, causing the application to crash or execute arbitrary code. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Published

2021-02-23T04:15:13.710

Last Modified

2024-11-21T05:18:28.803

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.8 (HIGH)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

8.6

Impact Score

6.4

Weaknesses

Type: Primary
CWE-119

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	fontforge	fontforge	< 20200314	Yes

References

https://bugzilla.redhat.com/show_bug.cgi?id=1893188 Issue Tracking, Patch, Third Party Advisory ([email protected])
https://bugzilla.redhat.com/show_bug.cgi?id=1893188 Issue Tracking, Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)