CVE-2020-25690

2021-02-23T00:00:00
ID UB:CVE-2020-25690
Type ubuntucve
Reporter ubuntu.com
Modified 2021-02-23T00:00:00

Description

An out-of-bounds write flaw was found in FontForge in versions before 20200314 while parsing SFD files containing certain LayerCount tokens. This flaw allows an attacker to manipulate the memory allocated on the heap, causing the application to crash or execute arbitrary code. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Notes

Author| Note
---|---
amurray | This is a Red Hat specific CVE due to an insufficient backport of the upstream patch in CVE-2020-5395. Since that CVE is not yet patched in Ubuntu, I am adding this CVE to be tracked so we don't make the same mistake.