CVSS: 8.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

An out-of-bounds write flaw was found in FontForge in versions before 20200314 while parsing SFD files containing certain LayerCount tokens. This flaw allows an attacker to manipulate the memory allocated on the heap, causing the application to crash or execute arbitrary code. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

• https://bugzilla.redhat.com/show_bug.cgi?id=1893188
• https://access.redhat.com/security/cve/CVE-2020-25690
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 9.8 | EPSS: 0% | CPEs: 1 | EXPL: 1

FontForge 20190813 through 20190820 has a buffer overflow in PrefsUI_LoadPrefs in prefs.c.

• https://github.com/fontforge/fontforge/commit/626f751752875a0ddd74b9e217b6f4828713573c
• https://github.com/fontforge/fontforge/pull/3886
• https://security.gentoo.org/glsa/202004-14
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 8.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

uiutil.c in FontForge through 20170731 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, a different vulnerability than CVE-2017-17534.

• https://security-tracker.debian.org/tracker/CVE-2017-17521
• CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CVSS: 6.8 | EPSS: 15% | CPEs: 1 | EXPL: 6

Stack-based buffer overflow in FontForge 20100501 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long CHARSET_REGISTRY header in a BDF font file.

• https://www.exploit-db.com/exploits/15732
• http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=605537
• http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052201.html
• http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052219.html
• http://openwall.com/lists/oss-security/2010/12/02/5
• http://openwall.com/lists/oss-security/2010/12/02/8
• http://secunia.com/advisories/42577
• http://www.debian.org/security/2011/dsa-2253
• http://www.exploit-db.com&
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer