10 matches found
Amazon Linux 2 : fontforge (ALAS-2020-1514)
The version of fontforge installed on the remote host is prior to 20120731b-13. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2020-1514 advisory. An out-of-bounds write was discovered in fontforge while parsing SFD files containing very large LayerCount tokens. The flaw...
CVE-2020-5496
FontForge 20190801 has a heap-based buffer overflow in the Type2NotDefSplines function in splinesave.c...
FontForge Resource Management Error Vulnerability
FontForge is an open source font editing tool that supports multiple languages. A resource management error vulnerability exists in the 'SFDGetFontMetaData' function of the sfd.c file in FontForge version 20190801. The vulnerability stems from mismanagement of system resources, e.g., memory, disk...
FontForge buffer overflow vulnerability (CNVD-2020-01920)
FontForge is an open source font editing tool that supports multiple languages. A buffer overflow vulnerability exists in the 'Type2NotDefSplines' function of the splinesave.c file in FontForge version 20190801. The vulnerability stems from a networked system or product performing operations in...
CVE-2020-5395
FontForge 20190801 has a use-after-free in SFDGetFontMetaData in sfd.c...
CVE-2020-5395
FontForge 20190801 has a use-after-free in SFDGetFontMetaData in sfd.c...
CVE-2020-5395
FontForge 20190801 has a use-after-free in SFDGetFontMetaData in sfd.c...
CVE-2020-5496
FontForge 20190801 has a heap-based buffer overflow in the Type2NotDefSplines function in splinesave.c...
PT-2020-18478 · Fontforge +3
Name of the Vulnerable Software and Affected Versions: FontForge version 20190801. Description: The issue is a heap-based buffer overflow in the Type2NotDefSplines function in splinesave.c. This occurs due to improper handling of data, leading to a potential overflow. Recommendations: For FontForg...
CVE-2020-5496
FontForge 20190801 has a heap-based buffer overflow in the Type2NotDefSplines function in splinesave.c...