Lucene search
RedhatCVELIST:CVE-2020-25690HistoryFeb 23, 2021 - 3:40 a.m.
CVE-2020-25690
2021-02-2303:40:04
CWE-119
redhat
www.cve.org
5
fontforge
out-of-bounds write
sfd files
memory manipulation
arbitrary code
confidentiality
integrity
system availability
An out-of-bounds write flaw was found in FontForge in versions before 20200314 while parsing SFD files containing certain LayerCount tokens. This flaw allows an attacker to manipulate the memory allocated on the heap, causing the application to crash or execute arbitrary code. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
CNA Affected
[
{
"product": "fontforge",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "fontforge before 20200314"
}
]
}
]Related
nvd
nvd
CVE-2020-25690
2021-02-23 04:15:13
prion
prion
Heap overflow
2021-02-23 04:15:00
cve
cve
CVE-2020-25690
2021-02-23 04:15:13
nessus
nessus
AlmaLinux 8 : fontforge (ALSA-2020:4844)
2022-02-09 00:00:00
RHEL 8 : fontforge (RHSA-2020:4844)
2020-11-04 00:00:00
openSUSE Security Update : fontforge (openSUSE-2020-2111)
2020-12-07 00:00:00
osv
osv
CVE-2020-25690
2021-02-23 04:15:13
Moderate: fontforge security update
2020-11-03 12:40:50
debiancve
debiancve
CVE-2020-25690
2021-02-23 04:15:13
almalinux
almalinux
Moderate: fontforge security update
2020-11-03 12:40:50
ubuntucve
ubuntucve
CVE-2020-25690
2021-02-23 00:00:00
suse
suse
Security update for fontforge (moderate)
2020-11-29 00:00:00
redhat
redhat
(RHSA-2020:4844) Moderate: fontforge security update
2020-11-03 12:40:50
redhatcve
redhatcve
CVE-2020-25690
2020-10-30 13:56:29
veracode
veracode
Denial Of Service(DoS)
2020-11-05 03:18:50
openvas
openvas
Mageia: Security Advisory (MGASA-2020-0405)
2022-01-28 00:00:00
mageia
mageia
Updated fontforge packages fix a security vulnerability
2020-11-08 17:14:27