AlmaLinuxALSA-2024:4267Moderate: fontforge security update
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L
AI Score
Confidence
Low
FontForge is a font editor for outline and bitmap fonts. It supports a range of font formats, including PostScript (ASCII and binary Type 1, some Type 3 and Type 0), TrueType, OpenType (Type2) and CID-keyed fonts.
Security Fix(es):
- fontforge: command injection via crafted filenames (CVE-2024-25081)
- fontforge: command injection via crafted archives or compressed files (CVE-2024-25082)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| almalinux | 8 | i686 | fontforge | < 20200314-6.el8_10 | fontforge-20200314-6.el8_10.i686.rpm |
| almalinux | 8 | x86_64 | fontforge | < 20200314-6.el8_10 | fontforge-20200314-6.el8_10.x86_64.rpm |
| almalinux | 8 | aarch64 | fontforge | < 20200314-6.el8_10 | fontforge-20200314-6.el8_10.aarch64.rpm |
| almalinux | 8 | ppc64le | fontforge | < 20200314-6.el8_10 | fontforge-20200314-6.el8_10.ppc64le.rpm |
| almalinux | 8 | s390x | fontforge | < 20200314-6.el8_10 | fontforge-20200314-6.el8_10.s390x.rpm |
Related
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L
AI Score
Confidence
Low