CVE-2020-5496Out-of-bounds Write in Fontforge

CWE-787Out-of-bounds WriteCWE-122Heap-based Buffer Overflow6 documents6 sources
Severity
8.8HIGHNVD
EPSS
0.2%
top 57.43%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
FontforgeDebian FontforgeOpensuse Leap
Timeline
PublishedJan 3
Latest updateMay 24

Description

FontForge 20190801 has a heap-based buffer overflow in the Type2NotDefSplines() function in splinesave.c.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages4 packages

debiandebian/fontforge< fontforge 1:20201107~dfsg-1 (bookworm)
Debianfontforge/fontforge< 1:20201107~dfsg-1+3
NVDfontforge/fontforge20190801
NVDopensuse/leap15.1

🔴Vulnerability Details

2
GHSA
GHSA-v4hc-3q2q-94jp: FontForge 20190801 has a heap-based buffer overflow in the Type2NotDefSplines() function in splinesave2022-05-24
OSV
CVE-2020-5496: FontForge 20190801 has a heap-based buffer overflow in the Type2NotDefSplines() function in splinesave2020-01-03

📋Vendor Advisories

2
Red Hat
fontforge: heap-based buffer overflow in the Type2NotDefSplines() function in splinesave.c2020-01-07
Debian
CVE-2020-5496: fontforge - FontForge 20190801 has a heap-based buffer overflow in the Type2NotDefSplines() ...2020

💬Community

1
Bugzilla
CVE-2020-5496 fontforge: heap-based buffer overflow in the Type2NotDefSplines() function in splinesave.c2020-01-07
CVE-2020-5496 — Out-of-bounds Write in Debian Fontforge | cvebase