Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
gentooGentoo FoundationGLSA-202004-14
HistoryApr 30, 2020 - 12:00 a.m.

FontForge: Multiple vulnerabilities

2020-04-3000:00:00
Gentoo Foundation
security.gentoo.org
23

0.005 Low

EPSS

Percentile

76.6%

JSON

Background

FontForge is a PostScript font editor and converter.

Description

Multiple vulnerabilities have been discovered in FontForge. Please review the CVE identifiers referenced below for details.

Impact

A remote attacker could entice a user to open a specially crafted font using FontForge, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition.

Workaround

There is no known workaround at this time.

Resolution

All FontForge users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=media-gfx/fontforge-20200314"
OSVersionArchitecturePackageVersionFilename
Gentooanyallmedia-gfx/fontforge< 20200314UNKNOWN

Related

nessus 19
suse 2
openvas 6
mageia 2
prion 3
redhatcve 4
osv 5
cvelist 3
cve 3
debian 1
ubuntucve 4
debiancve 3
veracode 3
redhat 3
amazon 1
centos 1
fedora 2
oraclelinux 2
almalinux 1
nessus
nessus
GLSA-202004-14 : FontForge: Multiple vulnerabilities
2020-05-01 00:00:00
openSUSE Security Update : fontforge (openSUSE-2020-89)
2020-01-22 00:00:00
SUSE SLED15 / SLES15 Security Update : fontforge (SUSE-SU-2020:0118-1)
2020-01-17 00:00:00
suse
suse
Security update for fontforge (moderate)
2020-01-22 00:00:00
Security update for fontforge (moderate)
2020-11-29 00:00:00
openvas
openvas
Mageia: Security Advisory (MGASA-2020-0057)
2022-01-28 00:00:00
openSUSE: Security Advisory for fontforge (openSUSE-SU-2020:0089_1)
2020-01-27 00:00:00
Debian: Security Advisory (DLA-3754-1)
2024-03-08 00:00:00
mageia
mageia
Updated fontforge packages fix security vulnerabilities
2020-01-28 10:52:40
Updated fontforge packages fix a security vulnerability
2020-11-08 17:14:27
prion
prion
Buffer overflow
2019-08-29 13:15:00
Heap overflow
2020-01-03 22:15:00
Code injection
2020-01-03 20:15:00
redhatcve
redhatcve
CVE-2019-15785
2019-09-11 05:51:14
CVE-2020-5496
2020-04-08 17:24:08
CVE-2020-5395
2020-01-11 14:38:59
osv
osv
CVE-2019-15785
2019-08-29 13:15:11
fontforge - security update
2024-03-08 00:00:00
CVE-2020-5496
2020-01-03 22:15:13
cvelist
cvelist
CVE-2019-15785
2019-08-29 12:39:08
CVE-2020-5496
2020-01-03 00:00:00
CVE-2020-5395
2020-01-03 00:00:00
cve
cve
CVE-2019-15785
2019-08-29 13:15:00
CVE-2020-5496
2020-01-03 22:15:00
CVE-2020-5395
2020-01-03 20:15:00
debian
debian
[SECURITY] [DLA 3754-1] fontforge security update
2024-03-07 23:12:31
ubuntucve
ubuntucve
CVE-2019-15785
2019-08-29 00:00:00
CVE-2020-5496
2020-01-03 00:00:00
CVE-2020-5395
2020-01-03 00:00:00
debiancve
debiancve
CVE-2019-15785
2019-08-29 13:15:00
CVE-2020-5496
2020-01-03 22:15:00
CVE-2020-5395
2020-01-03 20:15:00
veracode
veracode
Arbitrary Code Execution
2020-12-07 05:57:42
Arbitrary Code Execution
2020-10-01 03:50:11
Denial Of Service(DoS)
2020-11-05 03:18:50
redhat
redhat
(RHSA-2020:1921) Moderate: fontforge security update
2020-04-28 09:31:16
(RHSA-2020:3966) Moderate: fontforge security update
2020-09-29 07:47:12
(RHSA-2020:4844) Moderate: fontforge security update
2020-11-03 12:40:50
amazon
amazon
Medium: fontforge
2020-10-22 17:33:00
centos
centos
fontforge security update
2020-10-20 18:02:13
fedora
fedora
[SECURITY] Fedora 31 Update: fontforge-20190801-6.fc31
2020-02-27 17:33:16
[SECURITY] Fedora 31 Update: fontforge-20190801-2.fc31
2020-01-25 06:36:38
oraclelinux
oraclelinux
fontforge security update
2020-05-05 00:00:00
fontforge security update
2020-10-06 00:00:00
almalinux
almalinux
Moderate: fontforge security update
2020-11-03 12:40:50

0.005 Low

EPSS

Percentile

76.6%

JSON
Related for GLSA-202004-14
nessus19suse2openvas6mageia2prion3redhatcve4osv5cvelist3cve3debian1ubuntucve4debiancve3veracode3redhat3amazon1centos1fedora2oraclelinux2almalinux1