PT-2020-18453 · Fontforge+5

Fcambus · Published 2020-01-03 · Updated 2024-06-15 · CVE-2020-5395

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: FontForge 20190801
Description: FontForge 20190801 contains a use-after-free in SFD_GetFontMetaData() in sfd.c (the underscore is dropped on some trackers), the routine that reads the header key/value lines of an SFD (Spline Font Database, FontForge's native save format) file. While a crafted SFD file is being parsed, memory is accessed after it has been freed; the consequence ranges from a crash to memory corruption under attacker-influenced heap state, and the CVSS vector (AV:N, UI:R) describes the realistic attack path of a user opening an attacker-supplied .sfd file. No information is available on the number of affected installations or on exploitation in the wild.
Recommendations: Upgrade FontForge to a release that contains the upstream fix; on the distributions under Affected Products, install the patched packages from the vendor advisories listed under Related Identifiers (for example RHSA-2020:1921 and RHSA-2020:3966 for Red Hat, SUSE-SU-2020:0118-1 for SUSE, DLA-3754-1 for Debian LTS). To check an installed build, run fontforge --version: a build reporting 20190801 is affected. Until the update is in place, do not open SFD files from untrusted sources, and process untrusted fonts only in a sandboxed or unprivileged FontForge instance. There is no in-binary workaround: the header parser runs whenever an SFD file is loaded, so "restricting access" to SFD_GetFontMetaData() is not an actionable mitigation.
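The bug class described above, as an added example that is not part of this advisory or of FontForge's source: a toy C parser for SFD-style "Key: value" header lines in which one record field silently aliases another, so that a repeated key frees memory the other field still points to, shown beside a hardened version that gives every field its own copy. The field names (fontname, familyname), the aliasing, the helper names and the sample input are all constructed for illustration and do not reproduce the actual defect in SFD_GetFontMetaData(); compile with -fsanitize=address to watch the vulnerable path report a heap-use-after-free followed by a double free.

```c
/* Added illustration, not FontForge code: toy SFD-style "Key: value" header
 * parser with an aliasing bug that yields a use-after-free, beside a hardened
 * version. Names, aliasing and input are constructed, not the real defect.
 * Build with ASan to see it fire:  cc -g -fsanitize=address sfd_uaf.c */
#define _POSIX_C_SOURCE 200809L   /* declares strdup */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef struct { char *fontname; char *familyname; } MetaFont;  /* stand-in record */

/* Constructed sample input; the repeated FontName: line is the trigger. */
static const char *SAMPLE_SFD =
    "SplineFontDB: 3.0\n"
    "FontName: Foo-Regular\n"
    "FontName: Bar-Regular\n"
    "Weight: Regular\n";

/* VULNERABLE: familyname defaults to the *same buffer* as fontname, so a
 * second FontName: line frees memory that familyname still points to. */
static void set_meta_vulnerable(MetaFont *f, const char *key, const char *val) {
    if (strcmp(key, "FontName") == 0) {
        free(f->fontname);                    /* familyname may alias this */
        f->fontname = strdup(val);
        if (f->familyname == NULL)
            f->familyname = f->fontname;      /* two owners, one allocation */
    } else if (strcmp(key, "FamilyName") == 0) {
        free(f->familyname);                  /* may also free fontname */
        f->familyname = strdup(val);
    }
}

/* HARDENED: every field owns a private copy and is replaced through one
 * helper, so no stale alias can survive a replacement. */
static void replace_str(char **slot, const char *val) {
    char *copy = strdup(val);
    free(*slot);
    *slot = copy;
}
static void set_meta_hardened(MetaFont *f, const char *key, const char *val) {
    if (strcmp(key, "FontName") == 0) {
        replace_str(&f->fontname, val);
        if (f->familyname == NULL)
            replace_str(&f->familyname, val); /* independent copy */
    } else if (strcmp(key, "FamilyName") == 0) {
        replace_str(&f->familyname, val);
    }
}

typedef void (*setter_fn)(MetaFont *, const char *, const char *);

/* Split "Key: value" lines and hand each pair to a setter; lines without a
 * colon or with an oversized key/value are skipped. Returns pairs handled. */
static int parse_sfd(const char *text, MetaFont *f, setter_fn set) {
    int n = 0;
    for (const char *p = text; *p; ) {
        const char *eol = strchr(p, '\n');
        size_t len = eol ? (size_t)(eol - p) : strlen(p);
        const char *colon = memchr(p, ':', len);
        if (colon) {
            char key[64], val[256];
            size_t klen = (size_t)(colon - p);
            const char *v = colon + 1;
            while (v < p + len && *v == ' ') v++;
            size_t vlen = (size_t)(p + len - v);
            if (klen < sizeof key && vlen < sizeof val) {
                memcpy(key, p, klen); key[klen] = '\0';
                memcpy(val, v, vlen); val[vlen] = '\0';
                set(f, key, val);
                n++;
            }
        }
        p += len + (eol ? 1 : 0);
    }
    return n;
}

static void free_meta(MetaFont *f) {   /* safe only when fields never alias */
    free(f->fontname);
    free(f->familyname);
    f->fontname = f->familyname = NULL;
}

/* Parse with the hardened setter and check the record: both strings present,
 * distinct allocations, expected values. Returns 1 on success, else 0. */
static int hardened_parse_ok(const char *text, const char *font, const char *family) {
    MetaFont f = {0};
    int n = parse_sfd(text, &f, set_meta_hardened);
    int ok = n > 0 && f.fontname && f.familyname && f.fontname != f.familyname
          && strcmp(f.fontname, font) == 0 && strcmp(f.familyname, family) == 0;
    free_meta(&f);
    return ok;
}

int main(void) {
    printf("hardened ok: %d\n", hardened_parse_ok(SAMPLE_SFD, "Bar-Regular", "Foo-Regular"));
    MetaFont bad = {0};
    parse_sfd(SAMPLE_SFD, &bad, set_meta_vulnerable);
    /* bad.familyname dangles: ASan reports heap-use-after-free on this read,
     * and the second free() below is a double free. */
    printf("vulnerable: familyname=%s\n", bad.familyname);
    free(bad.fontname);
    free(bad.familyname);
    return 0;
}
```

The hardened setter applies the rule that removes this whole bug class: one owner per allocation, and every replacement goes through a single free-then-assign helper, so a parser fed an attacker-written file that repeats a header line cannot leave a dangling pointer behind for a later read or free.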

Exploit

Use After Free (CWE-416)


Weakness Enumeration

Related Identifiers

ALSA-2020:4844
ALT-PU-2020-1542
CESA-2020:1921
CESA-2020:3966
CVE-2020-5395
DLA-3754-1
MGASA-2020-0057
OPENSUSE-SU-2020:0089-1
OPENSUSE-SU-2020:2111-1
OPENSUSE-SU-2024:10763-1
RHSA-2020:1921
RHSA-2020:3966
SUSE-SU-2020:0118-1
SUSE-SU-2020:0393-1
SUSE-SU-2020:3628-1

Affected Products

Alt Linux
Astra Linux
Centos
Fontforge
Red Hat
Suse