CVE-2020-25690 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2020-25690 Interim 1 25 2025-02-17T01:13:49Z current 2021-05-30T14:44:14Z 2025-02-17T01:13:49Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2020-25690 An out-of-bounds write flaw was found in FontForge in versions before 20200314 while parsing SFD files containing certain LayerCount tokens. This flaw allows an attacker to manipulate the memory allocated on the heap, causing the application to crash or execute arbitrary code. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.suse.com/pipermail/sle-security-updates/2020-December/007920.html E-Mail link for SUSE-SU-2020:3628-1 https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ZUXEDXI4LMNYPGQ23AHUPAFPEN5QAEZM/ E-Mail link for openSUSE-SU-2020:2111-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Linux Enterprise Module for Desktop Applications 15 SP2 SUSE Liberty Linux 8 SUSE Linux Enterprise Module for Desktop Applications 15 SP2 SUSE Linux Enterprise Module for Desktop Applications 15 SP2 SUSE Linux Enterprise Software Development Kit 12 SP5 SUSE Linux Enterprise Module for Desktop Applications 15 SP2 SUSE Linux Enterprise Software Development Kit 12 SP5 SUSE Linux Enterprise Module for Desktop Applications 15 SP2 SUSE Linux Enterprise Module for Desktop Applications 15 SP2 SUSE Linux Enterprise Module for Desktop Applications 15 SP2 SUSE Linux Enterprise Module for Desktop Applications 15 SP2 openSUSE Leap 15.1 fontforge fontforge-20170731-11.14.1 fontforge-20170731-15.el8 fontforge-20170731-lp151.4.6.1 fontforge-devel-20170731-lp151.4.6.1 fontforge-doc-20170731-lp151.4.6.1 fontforge-20170731-15.el8 as a component of SUSE Liberty Linux 8 fontforge-20170731-11.14.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP5 fontforge-20170731-lp151.4.6.1 as a component of openSUSE Leap 15.1 fontforge-devel-20170731-lp151.4.6.1 as a component of openSUSE Leap 15.1 fontforge-doc-20170731-lp151.4.6.1 as a component of openSUSE Leap 15.1 fontforge as a component of SUSE Linux Enterprise Module for Desktop Applications 15 SP2 An out-of-bounds write flaw was found in FontForge in versions before 20200314 while parsing SFD files containing certain LayerCount tokens. This flaw allows an attacker to manipulate the memory allocated on the heap, causing the application to crash or execute arbitrary code. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. CVE-2020-25690 SUSE Liberty Linux 8:fontforge-20170731-15.el8 SUSE Linux Enterprise Software Development Kit 12 SP5:fontforge-20170731-11.14.1 openSUSE Leap 15.1:fontforge-20170731-lp151.4.6.1 openSUSE Leap 15.1:fontforge-devel-20170731-lp151.4.6.1 openSUSE Leap 15.1:fontforge-doc-20170731-lp151.4.6.1 SUSE Linux Enterprise Module for Desktop Applications 15 SP2:fontforge important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H