Lucene search
AmazonALAS-2024-2495HistoryMar 13, 2024 - 8:26 p.m.
Medium: fontforge
2024-03-1320:26:00
alas.aws.amazon.com
5
fontforge
splinefont
command injection
crafted filenames
crafted archives
cve-2024-25081
cve-2024-25082
amazon linux 2
red hat
mitre
unix
Issue Overview:
Splinefont in FontForge through 20230101 allows command injection via crafted filenames. (CVE-2024-25081)
Splinefont in FontForge through 20230101 allows command injection via crafted archives or compressed files. (CVE-2024-25082)
Affected Packages:
fontforge
Note:
This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update fontforge to update your system.
New Packages:
aarch64:
fontforge-20120731b-13.amzn2.0.2.aarch64
fontforge-devel-20120731b-13.amzn2.0.2.aarch64
fontforge-debuginfo-20120731b-13.amzn2.0.2.aarch64
i686:
fontforge-20120731b-13.amzn2.0.2.i686
fontforge-devel-20120731b-13.amzn2.0.2.i686
fontforge-debuginfo-20120731b-13.amzn2.0.2.i686
src:
fontforge-20120731b-13.amzn2.0.2.src
x86_64:
fontforge-20120731b-13.amzn2.0.2.x86_64
fontforge-devel-20120731b-13.amzn2.0.2.x86_64
fontforge-debuginfo-20120731b-13.amzn2.0.2.x86_64
Additional References
Red Hat: CVE-2024-25081, CVE-2024-25082
Mitre: CVE-2024-25081, CVE-2024-25082
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Amazon Linux | 2 | aarch64 | fontforge | < 20120731b-13.amzn2.0.2 | fontforge-20120731b-13.amzn2.0.2.aarch64.rpm |
| Amazon Linux | 2 | aarch64 | fontforge-devel | < 20120731b-13.amzn2.0.2 | fontforge-devel-20120731b-13.amzn2.0.2.aarch64.rpm |
| Amazon Linux | 2 | aarch64 | fontforge-debuginfo | < 20120731b-13.amzn2.0.2 | fontforge-debuginfo-20120731b-13.amzn2.0.2.aarch64.rpm |
| Amazon Linux | 2 | i686 | fontforge | < 20120731b-13.amzn2.0.2 | fontforge-20120731b-13.amzn2.0.2.i686.rpm |
| Amazon Linux | 2 | i686 | fontforge-devel | < 20120731b-13.amzn2.0.2 | fontforge-devel-20120731b-13.amzn2.0.2.i686.rpm |
| Amazon Linux | 2 | i686 | fontforge-debuginfo | < 20120731b-13.amzn2.0.2 | fontforge-debuginfo-20120731b-13.amzn2.0.2.i686.rpm |
| Amazon Linux | 2 | x86_64 | fontforge | < 20120731b-13.amzn2.0.2 | fontforge-20120731b-13.amzn2.0.2.x86_64.rpm |
| Amazon Linux | 2 | x86_64 | fontforge-devel | < 20120731b-13.amzn2.0.2 | fontforge-devel-20120731b-13.amzn2.0.2.x86_64.rpm |
| Amazon Linux | 2 | x86_64 | fontforge-debuginfo | < 20120731b-13.amzn2.0.2 | fontforge-debuginfo-20120731b-13.amzn2.0.2.x86_64.rpm |
Related
nessus
nessus
SUSE SLES12 Security Update : fontforge (SUSE-SU-2024:0863-1)
2024-03-15 00:00:00
Amazon Linux 2023 : fontforge, fontforge-devel (ALAS2023-2024-565)
2024-03-21 00:00:00
Amazon Linux 2 : fontforge (ALAS-2024-2495)
2024-03-18 00:00:00
fedora
fedora
[SECURITY] Fedora 40 Update: fontforge-20230101-11.fc40
2024-03-23 00:44:37
openvas
openvas
Fedora: Security Advisory for fontforge (FEDORA-2024-e01ef71e64)
2024-03-25 00:00:00
Debian: Security Advisory (DSA-5641-1)
2024-03-20 00:00:00
Mageia: Security Advisory (MGASA-2024-0082)
2024-04-05 00:00:00
debian
debian
[SECURITY] [DSA 5641-1] fontforge security update
2024-03-19 20:51:37
[SECURITY] [DLA 3754-1] fontforge security update
2024-03-07 23:12:06
mageia
mageia
Updated fontforge packages fix security vulnerabilities
2024-03-22 03:19:51
osv
osv
fontforge - security update
2024-03-19 00:00:00
fontforge - security update
2024-03-08 00:00:00
CVE-2024-25082
2024-02-26 16:27:58
veracode
veracode
Command Injection
2024-03-13 15:31:42
Command Injection
2024-03-13 15:31:24
ubuntucve
ubuntucve
CVE-2024-25082
2024-02-26 00:00:00
CVE-2024-25081
2024-02-26 00:00:00
redhatcve
redhatcve
CVE-2024-25082
2024-02-26 22:02:16
CVE-2024-25081
2024-02-26 22:02:07
debiancve
debiancve
CVE-2024-25082
2024-02-26 16:27:58
CVE-2024-25081
2024-02-26 16:27:58
prion
prion
Command injection
2024-02-26 16:27:00
Command injection
2024-02-26 16:27:00
nvd
nvd
CVE-2024-25082
2024-02-26 16:27:58
CVE-2024-25081
2024-02-26 16:27:58
cvelist
cvelist
CVE-2024-25082
2024-02-26 00:00:00
CVE-2024-25081
2024-02-26 00:00:00
cve
cve
CVE-2024-25082
2024-02-26 16:27:58
CVE-2024-25081
2024-02-26 16:27:58