An out-of-bounds write exists in fontforge while parsing SFD files containing very large LayerCount tokens. The flaw allows a malicious user to overwrite data before a buffer allocated on the heap, thus causing the application to crash or execute arbitrary code. (CVE-2020-5395)
Vulnerable Product |
---|
fontforge fontforge 20190801 |
fedoraproject fedora 31 |
opensuse leap 15.1 |