CVSSv3: 8.8

CVE-2020-5395

Published: 03/01/2020 Updated: 08/03/2024
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 605
CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

An out-of-bounds write exists in fontforge while parsing SFD files containing very large LayerCount tokens. The flaw allows a malicious user to overwrite data before a buffer allocated on the heap, thus causing the application to crash or execute arbitrary code. (CVE-2020-5395)

Vulnerability Trend

Vulnerable Products

fontforge fontforge 20190801

fedoraproject fedora 31

opensuse leap 15.1

Vendor Advisories

Debian Bug report logs - #948231: fontforge: CVE-2020-5395 CVE-2020-5496. Package: fontforge; Maintainer for fontforge is Debian Fonts Task Force <pkg-fonts-devel@lists.alioth.debian.org>; Source for fontforge is src:fontforge (PTS, buildd, popcon). Reported by: Markus Koschany <apo@debian.org>. Date: Sun, 5 Jan 2020 17 ...
Synopsis: Moderate: fontforge security update. Type/Severity: Security Advisory: Moderate. Topic: An update for fontforge is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score ...
An out-of-bounds write was discovered in fontforge while parsing SFD files containing very large LayerCount tokens. The flaw allows an attacker to overwrite data before a buffer allocated on the heap, thus causing the application to crash or execute arbitrary code (CVE-2020-5395) ...