6 matches found
Linux Distros Unpatched Vulnerability : CVE-2020-25690
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An out-of-bounds write flaw was found in FontForge in versions before 20200314 while parsing SFD files containing certain LayerCount tokens. This flaw allows an...
SUSE CVE-2020-25690
An out-of-bounds write flaw was found in FontForge in versions before 20200314 while parsing SFD files containing certain LayerCount tokens. This flaw allows an attacker to manipulate the memory allocated on the heap, causing the application to crash or execute arbitrary code. The highest threat...
OESA-2021-1104 fontforge security update
Mozilla fontforge is an open-source web browser, designed for standards compliance, performance and portability. Security Fixes: An out-of-bounds write flaw was found in FontForge in versions before 20200314 while parsing SFD files containing certain LayerCount tokens. This flaw allows an attacke...
fontforge: SFD_GetFontMetaData() insufficient CVE-2020-5395 backport
An out-of-bounds write flaw was found in FontForge while parsing SFD files containing certain LayerCount tokens. This flaw allows an attacker to manipulate the memory allocated on the heap, causing the application to crash or execute arbitrary code. The highest threat from this vulnerability is t...
fontforge: out-of-bounds write in SFD_GetFontMetaData function in sfd.c
An out-of-bounds write was discovered in fontforge while parsing SFD files containing very large LayerCount tokens. The flaw allows an attacker to overwrite data before a buffer allocated on the heap, thus causing the application to crash or execute arbitrary code...
fontforge: out-of-bounds write in SFD_GetFontMetaData function in sfd.c
An out-of-bounds write was discovered in fontforge while parsing SFD files containing very large LayerCount tokens. The flaw allows an attacker to overwrite data before a buffer allocated on the heap, thus causing the application to crash or execute arbitrary code...