It was discovered that FontForge incorrectly handled filenames. If a user or an
automated system were tricked into opening a specially crafted input file, a
remote attacker could possibly use this issue to perform command injection.
(CVE-2024-25081)

It was discovered that FontForge incorrectly handled archives and compressed
files. If a user or an automated system were tricked into opening a specially
crafted input file, a remote attacker could possibly use this issue to perform
command injection. (CVE-2024-25082)

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
Ubuntu | 23.10 | noarch | fontforge | < 1:20230101~dfsg-1ubuntu0.1 | UNKNOWN |
Ubuntu | 23.10 | noarch | fontforge-common | < 1:20230101~dfsg-1ubuntu0.1 | UNKNOWN |
Ubuntu | 23.10 | noarch | fontforge-dbgsym | < 1:20230101~dfsg-1ubuntu0.1 | UNKNOWN |
Ubuntu | 23.10 | noarch | fontforge-doc | < 1:20230101~dfsg-1ubuntu0.1 | UNKNOWN |
Ubuntu | 23.10 | noarch | fontforge-extras | < 1:20230101~dfsg-1ubuntu0.1 | UNKNOWN |
Ubuntu | 23.10 | noarch | fontforge-extras-dbgsym | < 1:20230101~dfsg-1ubuntu0.1 | UNKNOWN |
Ubuntu | 23.10 | noarch | fontforge-nox | < 1:20230101~dfsg-1ubuntu0.1 | UNKNOWN |
Ubuntu | 23.10 | noarch | fontforge-nox-dbgsym | < 1:20230101~dfsg-1ubuntu0.1 | UNKNOWN |
Ubuntu | 23.10 | noarch | libfontforge4 | < 1:20230101~dfsg-1ubuntu0.1 | UNKNOWN |
Ubuntu | 23.10 | noarch | libfontforge4-dbgsym | < 1:20230101~dfsg-1ubuntu0.1 | UNKNOWN |