Use-After-Free Vulnerability in FontForge by FontForge
CVE-2020-5395

8.8HIGH

Key Information:

Vendor

Fontforge

Status
Fontforge
Vendor
CVE Published:
3 January 2020

What is CVE-2020-5395?

FontForge version 20190801 is affected by a use-after-free vulnerability in the SFD_GetFontMetaData function located in sfd.c. This flaw can lead to unauthorized memory access, potentially allowing attackers to exploit the application. Users of this version are advised to apply the latest security updates to mitigate the risks associated with this vulnerability.

References

https://github.com/fontforge/fontforge/issues/4084
http://lists.opensuse.org/opensuse-security-announce/2020...
vendor-advisory
https://lists.fedoraproject.org/archives/list/package-ann...
vendor-advisory

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.