vulnerability
Red Hat: CVE-2020-25690: CVE-2020-25690 fontforge: SFD_GetFontMetaData() insufficient CVE-2020-5395 backport (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:N/AC:M/Au:N/C:P/I:P/A:P) | Feb 23, 2021 | Dec 15, 2023 | Aug 11, 2025 |
Severity
7
CVSS
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
Published
Feb 23, 2021
Added
Dec 15, 2023
Modified
Aug 11, 2025
Description
An out-of-bounds write flaw was found in FontForge in versions before 20200314 while parsing SFD files containing certain LayerCount tokens. This flaw allows an attacker to manipulate the memory allocated on the heap, causing the application to crash or execute arbitrary code. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
Solutions
redhat-upgrade-fontforgeredhat-upgrade-fontforge-debuginforedhat-upgrade-fontforge-debugsource
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.