Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2024-25081

Published: 26/02/2024 Updated: 01/05/2024

Vulnerability Summary

Splinefont in FontForge through 20230101 allows command injection via crafted filenames.

Vulnerability Trend

Vendor Advisories

Debian CVElist Bug Report Logs: fontforge: CVE-2024-25081 CVE-2024-25082
Debian Bug report logs - #1064967 fontforge: CVE-2024-25081 CVE-2024-25082 Package: src:fontforge; Maintainer for src:fontforge is Debian Fonts Task Force <debian-fonts@listsdebianorg>; Reported by: Moritz Mühlenhoff <jmm@inutilorg> Date: Wed, 28 Feb 2024 14:48:02 UTC Severity: grave Tags: security Reply or ...
Amazon Linux 2: ALAS-2024-2495
Splinefont in FontForge through 20230101 allows command injection via crafted filenames (CVE-2024-25081) Splinefont in FontForge through 20230101 allows command injection via crafted archives or compressed files (CVE-2024-25082) ...

Mailing Lists

Full Disclosure: Vulnerabilties in FontTools & FontForge
<!--X-Body-Begin--> <!--X-User-Header--> oss-sec mailing list archives <!--X-User-Header-End--> <!--X-TopPNI--> By Date By Thread </form> <!--X-TopPNI-End--> <!--X-MsgBody--> <!--X-Subject-Header-Begin--> Vulnerabilties in FontTools &amp; FontForge <!--X-Subject-Header-End--> <!--X-Head-of-Message--> From: Alan Coopersmith &lt; ...

Recent Articles

Font security 'still a Helvetica of a problem' says Australian graphics outfit Canva
The Register

Topics Security Off-Prem On-Prem Software Offbeat Special Features Vendor Voice Vendor Voice Resources Who knew that unzipping a font archive could unleash a malicious file

Online graphic design platform Canva went looking for security problems in fonts, and found three – in "strange places." On its engineering blog, the Australian outfit explained it's "continuously looking for ways to uplift the security of [its] processes, software, supply chain, and tools," leading it to the "less explored attack surfaces, such as fonts that present a complex and prevalent part of graphics processing." That effort yielded three type-related vulns. CVE-2023-45139 is a high-sev...

Read more...

References

https://fontforge.org/en-US/downloads/https://github.com/fontforge/fontforge/pull/5367https://lists.debian.org/debian-lts-announce/2024/03/msg00007.htmlhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GCH22HIO2C6M4BZWF5EYIWVFBXL5BQAH/http://www.openwall.com/lists/oss-security/2024/03/08/2https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064967https://nvd.nist.govhttps://alas.aws.amazon.com/AL2/ALAS-2024-2495.html
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463CVE-2024-3400deserializationCVE-2024-21788CVE-2023-42433CVE-2024-21841CVE-2024-22095local file inclusionmemory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook