4 results (0.003 seconds)

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

An out-of-bounds write flaw was found in FontForge in versions before 20200314 while parsing SFD files containing certain LayerCount tokens. This flaw allows an attacker to manipulate the memory allocated on the heap, causing the application to crash or execute arbitrary code. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. Se encontró un fallo de escritura fuera de límites en FontForge en versiones anteriores a 20200314 mientras se analizan archivos SFD que contienen determinados tokens LayerCount. Este fallo permite a un atacante manipular la memoria asignada en la pila, causando a la aplicación bloquearse o ejecutar código arbitrario. • https://bugzilla.redhat.com/show_bug.cgi?id=1893188 https://access.redhat.com/security/cve/CVE-2020-25690 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 1

FontForge 20190801 has a use-after-free in SFD_GetFontMetaData in sfd.c. FontForge versión 20190801, tiene un uso de la memoria previamente liberada de la función SFD_GetFontMetaData en el archivo sfd.c. An out-of-bounds write was discovered in fontforge while parsing SFD files containing very large LayerCount tokens. The flaw allows an attacker to overwrite data before a buffer allocated on the heap, thus causing the application to crash or execute arbitrary code. • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00041.html https://github.com/fontforge/fontforge/issues/4084 https://lists.debian.org/debian-lts-announce/2024/03/msg00007.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2S75EAVF4KPCH3WFBMZADUAU7EAXA7ZQ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MH6PKVQLBKIO7LQPDXB3MKI5I6AMDCN6 https://security.gentoo.org/glsa/202004-14 https://access.redhat.com/security/cve&#x • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-416: Use After Free •

CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 1

FontForge 20190801 has a heap-based buffer overflow in the Type2NotDefSplines() function in splinesave.c. FontForge versión 20190801, tiene un desbordamiento de búfer en la región heap de la memoria en la función Type2NotDefSplines() en el archivo splinesave.c. • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00041.html https://github.com/fontforge/fontforge/issues/4085 https://lists.debian.org/debian-lts-announce/2024/03/msg00007.html https://security.gentoo.org/glsa/202004-14 • CWE-787: Out-of-bounds Write •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1

FontForge 20190813 through 20190820 has a buffer overflow in PrefsUI_LoadPrefs in prefs.c. FontForge versión 20190813 hasta la versión 20190820 tiene un desbordamiento de búfer en la función PrefsUI_LoadPrefs en el archivo prefs.c. • https://github.com/fontforge/fontforge/commit/626f751752875a0ddd74b9e217b6f4828713573c https://github.com/fontforge/fontforge/pull/3886 https://security.gentoo.org/glsa/202004-14 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •