UBUNTU-CVE-2020-25690
- Source
- https://ubuntu.com/security/CVE-2020-25690
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2020/UBUNTU-CVE-2020-25690.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2020-25690
- Upstream
- Published
- 2021-02-23T04:15:00Z
- Modified
- 2026-01-20T17:15:03.774103Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
- Ubuntu - medium
- Summary
- [none]
- Details
-
An out-of-bounds write flaw was found in FontForge in versions before 20200314 while parsing SFD files containing certain LayerCount tokens. This flaw allows an attacker to manipulate the memory allocated on the heap, causing the application to crash or execute arbitrary code. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
- References
Affected packages
Ubuntu:20.04:LTS
fontforge
Package
- Name
- fontforge
- Purl
- pkg:deb/ubuntu/fontforge@1:20190801~dfsg-4ubuntu0.1?arch=source&distro=focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
Other
1:20170731~dfsg-1build1
1:20170731~dfsg-2
1:20190801~dfsg-2
1:20190801~dfsg-2ubuntu1
1:20190801~dfsg-4
1:20190801~dfsg-4ubuntu0.*
1:20190801~dfsg-4ubuntu0.1
Ecosystem specific
{
"binaries": [
{
"binary_name": "fontforge",
"binary_version": "1:20190801~dfsg-4ubuntu0.1"
},
{
"binary_name": "fontforge-common",
"binary_version": "1:20190801~dfsg-4ubuntu0.1"
},
{
"binary_name": "fontforge-extras",
"binary_version": "1:20190801~dfsg-4ubuntu0.1"
},
{
"binary_name": "fontforge-nox",
"binary_version": "1:20190801~dfsg-4ubuntu0.1"
},
{
"binary_name": "libfontforge-dev",
"binary_version": "1:20190801~dfsg-4ubuntu0.1"
},
{
"binary_name": "libfontforge3",
"binary_version": "1:20190801~dfsg-4ubuntu0.1"
},
{
"binary_name": "libgdraw6",
"binary_version": "1:20190801~dfsg-4ubuntu0.1"
},
{
"binary_name": "python3-fontforge",
"binary_version": "1:20190801~dfsg-4ubuntu0.1"
}
]
}Ubuntu:22.04:LTS
fontforge
Package
- Name
- fontforge
- Purl
- pkg:deb/ubuntu/fontforge@1:20201107~dfsg-4+deb11u1build0.22.04.1?arch=source&distro=jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
Other
1:20201107~dfsg-4
1:20201107~dfsg-4build1
1:20201107~dfsg-4+deb11u1build0.*
1:20201107~dfsg-4+deb11u1build0.22.04.1
Ecosystem specific
{
"binaries": [
{
"binary_name": "fontforge",
"binary_version": "1:20201107~dfsg-4+deb11u1build0.22.04.1"
},
{
"binary_name": "fontforge-common",
"binary_version": "1:20201107~dfsg-4+deb11u1build0.22.04.1"
},
{
"binary_name": "fontforge-extras",
"binary_version": "1:20201107~dfsg-4+deb11u1build0.22.04.1"
},
{
"binary_name": "fontforge-nox",
"binary_version": "1:20201107~dfsg-4+deb11u1build0.22.04.1"
},
{
"binary_name": "libfontforge4",
"binary_version": "1:20201107~dfsg-4+deb11u1build0.22.04.1"
},
{
"binary_name": "python3-fontforge",
"binary_version": "1:20201107~dfsg-4+deb11u1build0.22.04.1"
}
]
}Ubuntu:24.04:LTS
fontforge
Package
- Name
- fontforge
- Purl
- pkg:deb/ubuntu/fontforge@1:20230101~dfsg-1.1build1?arch=source&distro=noble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
Other
1:20230101~dfsg-1build1
1:20230101~dfsg-1build2
1:20230101~dfsg-1.*
1:20230101~dfsg-1.1
1:20230101~dfsg-1.1build1
Ecosystem specific
{
"binaries": [
{
"binary_name": "fontforge",
"binary_version": "1:20230101~dfsg-1.1build1"
},
{
"binary_name": "fontforge-common",
"binary_version": "1:20230101~dfsg-1.1build1"
},
{
"binary_name": "fontforge-extras",
"binary_version": "1:20230101~dfsg-1.1build1"
},
{
"binary_name": "fontforge-nox",
"binary_version": "1:20230101~dfsg-1.1build1"
},
{
"binary_name": "libfontforge4",
"binary_version": "1:20230101~dfsg-1.1build1"
},
{
"binary_name": "python3-fontforge",
"binary_version": "1:20230101~dfsg-1.1build1"
}
]
}Ubuntu:25.10
fontforge
Package
- Name
- fontforge
- Purl
- pkg:deb/ubuntu/fontforge@1:20230101~dfsg-8?arch=source&distro=questing
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
Other
1:20230101~dfsg-4build1
1:20230101~dfsg-4build2
1:20230101~dfsg-7
1:20230101~dfsg-8
Ecosystem specific
{
"binaries": [
{
"binary_name": "fontforge",
"binary_version": "1:20230101~dfsg-8"
},
{
"binary_name": "fontforge-common",
"binary_version": "1:20230101~dfsg-8"
},
{
"binary_name": "fontforge-extras",
"binary_version": "1:20230101~dfsg-8"
},
{
"binary_name": "fontforge-nox",
"binary_version": "1:20230101~dfsg-8"
},
{
"binary_name": "libfontforge4",
"binary_version": "1:20230101~dfsg-8"
},
{
"binary_name": "python3-fontforge",
"binary_version": "1:20230101~dfsg-8"
}
]
}Ubuntu:Pro:16.04:LTS
fontforge
Package
- Name
- fontforge
- Purl
- pkg:deb/ubuntu/fontforge@20120731.b-7.1ubuntu0.1+esm1?arch=source&distro=esm-apps/xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
20120731.*
20120731.b-5
20120731.b-5ubuntu1
20120731.b-7.1
20120731.b-7.1ubuntu0.1
20120731.b-7.1ubuntu0.1+esm1
Ecosystem specific
{
"binaries": [
{
"binary_name": "fontforge",
"binary_version": "20120731.b-7.1ubuntu0.1+esm1"
},
{
"binary_name": "fontforge-common",
"binary_version": "20120731.b-7.1ubuntu0.1+esm1"
},
{
"binary_name": "fontforge-nox",
"binary_version": "20120731.b-7.1ubuntu0.1+esm1"
},
{
"binary_name": "libfontforge-dev",
"binary_version": "20120731.b-7.1ubuntu0.1+esm1"
},
{
"binary_name": "libfontforge1",
"binary_version": "20120731.b-7.1ubuntu0.1+esm1"
},
{
"binary_name": "libgdraw4",
"binary_version": "20120731.b-7.1ubuntu0.1+esm1"
},
{
"binary_name": "python-fontforge",
"binary_version": "20120731.b-7.1ubuntu0.1+esm1"
}
]
}Ubuntu:Pro:18.04:LTS
fontforge
Package
- Name
- fontforge
- Purl
- pkg:deb/ubuntu/fontforge@1:20170731~dfsg-1ubuntu0.1~esm1?arch=source&distro=esm-apps/bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
Other
1:20161005~dfsg-4+deb9u1ubuntu1
1:20170731~dfsg-1
1:20170731~dfsg-1ubuntu0.*
1:20170731~dfsg-1ubuntu0.1~esm1
Ecosystem specific
{
"binaries": [
{
"binary_name": "fontforge",
"binary_version": "1:20170731~dfsg-1ubuntu0.1~esm1"
},
{
"binary_name": "fontforge-common",
"binary_version": "1:20170731~dfsg-1ubuntu0.1~esm1"
},
{
"binary_name": "fontforge-nox",
"binary_version": "1:20170731~dfsg-1ubuntu0.1~esm1"
},
{
"binary_name": "libfontforge-dev",
"binary_version": "1:20170731~dfsg-1ubuntu0.1~esm1"
},
{
"binary_name": "libfontforge2",
"binary_version": "1:20170731~dfsg-1ubuntu0.1~esm1"
},
{
"binary_name": "libgdraw5",
"binary_version": "1:20170731~dfsg-1ubuntu0.1~esm1"
},
{
"binary_name": "python-fontforge",
"binary_version": "1:20170731~dfsg-1ubuntu0.1~esm1"
}
]
}