Vulmon Recent Vulnerabilities Product List Research Posts Trends Blog About Contact

ALAS-2024-2495

Related Vulnerabilities: CVE-2024-25081   CVE-2024-25082  

Splinefont in FontForge through 20230101 allows command injection via crafted filenames. (CVE-2024-25081) Splinefont in FontForge through 20230101 allows command injection via crafted archives or compressed files. (CVE-2024-25082)

Source

ALAS-2024-2495

Amazon Linux 2 Security Advisory: ALAS-2024-2495
Advisory Release Date: 2024-03-13 20:26 Pacific
Advisory Updated Date: 2024-03-18 20:24 Pacific
Severity: Medium
Issue Overview:

Splinefont in FontForge through 20230101 allows command injection via crafted filenames. (CVE-2024-25081)

Splinefont in FontForge through 20230101 allows command injection via crafted archives or compressed files. (CVE-2024-25082)


Affected Packages:

fontforge


Note:

This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.


Issue Correction:
Run yum update fontforge to update your system.

New Packages:
aarch64:
    fontforge-20120731b-13.amzn2.0.2.aarch64
    fontforge-devel-20120731b-13.amzn2.0.2.aarch64
    fontforge-debuginfo-20120731b-13.amzn2.0.2.aarch64

i686:
    fontforge-20120731b-13.amzn2.0.2.i686
    fontforge-devel-20120731b-13.amzn2.0.2.i686
    fontforge-debuginfo-20120731b-13.amzn2.0.2.i686

src:
    fontforge-20120731b-13.amzn2.0.2.src

x86_64:
    fontforge-20120731b-13.amzn2.0.2.x86_64
    fontforge-devel-20120731b-13.amzn2.0.2.x86_64
    fontforge-debuginfo-20120731b-13.amzn2.0.2.x86_64

Additional References

Red Hat: CVE-2024-25081, CVE-2024-25082

Mitre: CVE-2024-25081, CVE-2024-25082

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook
Vulmon Logo
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started