20 matches found
NewStart CGSL CORE 5.05 / MAIN 5.05 : fontforge Vulnerability (NS-SA-2021-0153)
The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has fontforge packages installed that are affected by a vulnerability: - FontForge 20190801 has a use-after-free in SFDGetFontMetaData in sfd.c. (CVE-2020-5395) Note that Nessus has not tested for this issue but has instead relie...
NewStart CGSL CORE 5.04 / MAIN 5.04 : fontforge Vulnerability (NS-SA-2021-0033)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has fontforge packages installed that are affected by a vulnerability: - FontForge 20190801 has a use-after-free in SFDGetFontMetaData in sfd.c. (CVE-2020-5395) Note that Nessus has not tested for this issue but has instead relie...
CentOS 8 : fontforge (CESA-2020:4844)
The remote CentOS Linux 8 host has a package installed that is affected by a vulnerability as referenced in the CESA-2020:4844 advisory. - fontforge: SFDGetFontMetaData insufficient CVE-2020-5395 backport (CVE-2020-25690) Note that Nessus has not tested for this issue but has instead relied only on...
Moderate: Red Hat Security Advisory: fontforge security update
An update for fontforge is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from...
ALSA-2020:4844 Moderate: fontforge security update
FontForge is a font editor for outline and bitmap fonts. It supports a range of font formats, including PostScript (ASCII and binary Type 1, some Type 3 and Type 0), TrueType, OpenType (Type2) and CID-keyed fonts. Security Fixes: fontforge: SFDGetFontMetaData insufficient CVE-2020-5395 backport...
Moderate: fontforge security update
FontForge is a font editor for outline and bitmap fonts. It supports a range of font formats, including PostScript (ASCII and binary Type 1, some Type 3 and Type 0), TrueType, OpenType (Type2) and CID-keyed fonts. Security Fixes: fontforge: SFDGetFontMetaData insufficient CVE-2020-5395 backport...
Amazon Linux 2 : fontforge (ALAS-2020-1514)
The version of fontforge installed on the remote host is prior to 20120731b-13. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2020-1514 advisory. An out-of-bounds write was discovered in fontforge while parsing SFD files containing very large LayerCount tokens. The flaw...
Scientific Linux Security Update : fontforge on SL7.x x86_64 (20201001)
Security Fixes: - fontforge: out-of-bounds write in SFDGetFontMetaData function in sfd.c (CVE-2020-5395)
CentOS 7 : fontforge (RHSA-2020:3966)
The remote CentOS Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:3966 advisory. - FontForge 20190801 has a use-after-free in SFDGetFontMetaData in sfd.c. (CVE-2020-5395) Note that Nessus has not tested for this issue but has instead relied on...
Arbitrary Code Execution
fontforge is vulnerable to arbitrary code execution. An out-of-bounds write in SFDGetFontMetaData function in sfd.c allows an attacker to execute arbitrary code on the host OS...
Moderate: Red Hat Security Advisory: fontforge security update
An update for fontforge is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from...
RHEL 7 : fontforge (RHSA-2020:3966)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:3966 advisory. FontForge is a font editor for outline and bitmap fonts. It supports a range of font formats, including PostScript (ASCII and binary Type 1, some Type...
Moderate: Red Hat Security Advisory: fontforge security update
An update for fontforge is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from...
Updated fontforge packages fix security vulnerabilities
FontForge 20190801 has a use-after-free in SFDGetFontMetaData in sfd.c (CVE-2020-5395). FontForge 20190801 has a heap-based buffer overflow in the Type2NotDefSplines function in splinesave.c (CVE-2020-5496)...
CVE-2020-5395
FontForge 20190801 has a use-after-free in SFDGetFontMetaData in sfd.c...
CVE-2020-5395
FontForge 20190801 has a use-after-free in SFDGetFontMetaData in sfd.c...
Code injection
FontForge 20190801 has a use-after-free in SFDGetFontMetaData in sfd.c...
CVE-2020-5395
FontForge 20190801 has a use-after-free in SFDGetFontMetaData in sfd.c...
CVE-2020-5395
FontForge 20190801 contains a use-after-free in SFD_GetFontMetaData() (sfd.c). Affected component: FontForge font editor. Root cause: use-after-free in SFD_GetFontMetaData(). Reported across multiple distributions with remediations: Debian LTS backported fixes to fontforge packages; Red Hat/CentO...
CVE-2020-5395
FontForge 20190801 has a use-after-free in SFDGetFontMetaData in sfd.c...