Lucene search

K
mageiaGentoo FoundationMGASA-2024-0082
HistoryMar 22, 2024 - 3:19 a.m.

Updated fontforge packages fix security vulnerabilities

2024-03-2203:19:51
Gentoo Foundation
advisories.mageia.org
12
fontforge
packages
fix
command injection
vulnerabilities
filenames
archives
unix

7.5 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

15.5%

Splinefont in FontForge through 20230101 allows command injection via crafted filenames. (CVE-2024-25081) Splinefont in FontForge through 20230101 allows command injection via crafted archives or compressed files. (CVE-2024-25082)

OSVersionArchitecturePackageVersionFilename
Mageia9noarchfontforge< 20220308-2.1fontforge-20220308-2.1.mga9

7.5 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

15.5%