This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Fontforge First view 2019-08-29
Product Fontforge Last view 2021-02-23
Version 20190801 Type Application
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:fontforge:fontforge

Activity : Overall

Related : CVE

  Date Alert Description
8.8 2021-02-23 CVE-2020-25690

An out-of-bounds write flaw was found in FontForge in versions before 20200314 while parsing SFD files containing certain LayerCount tokens. This flaw allows an attacker to manipulate the memory allocated on the heap, causing the application to crash or execute arbitrary code. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

8.8 2020-01-03 CVE-2020-5496

FontForge 20190801 has a heap-based buffer overflow in the Type2NotDefSplines() function in splinesave.c.

8.8 2020-01-03 CVE-2020-5395

FontForge 20190801 has a use-after-free in SFD_GetFontMetaData in sfd.c.

9.8 2019-08-29 CVE-2019-15785

FontForge 20190813 through 20190820 has a buffer overflow in PrefsUI_LoadPrefs in prefs.c.

CWE : Common Weakness Enumeration

%idName
50% (2) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
25% (1) CWE-787 Out-of-bounds Write
25% (1) CWE-416 Use After Free