CVE-2020-25690

Source
https://nvd.nist.gov/vuln/detail/CVE-2020-25690
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-25690.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2020-25690
Published
2021-02-23T04:15:13Z
Modified
2024-10-12T06:23:11.841395Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
[none]
Details

An out-of-bounds write flaw was found in FontForge in versions before 20200314 while parsing SFD files containing certain LayerCount tokens. This flaw allows an attacker to manipulate memory allocated on the heap, causing the application to crash or execute arbitrary code. The highest threat from this vulnerability is to data confidentiality and integrity, as well as system availability.

Affected packages

Git / github.com/fontforge/fontforge

Affected ranges

Type
GIT
Repo
https://github.com/fontforge/fontforge
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

2.*

2.0.20140101

Other

20140813
20141013
20141014
20141126
20141230
20150228
20150330
20150430
20150612
20150824
20160403
20160404
20160930
20161001
20161004
20161005
20161012
20170730
20170731
20190317
20190413
20190801
v20110222
v20120731-b

v2.*

v2.1.0