First published: Fri Jan 03 2020(Updated: )
FontForge 20190801 has a use-after-free in SFD_GetFontMetaData in sfd.c.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Fontforge Fontforge | =20190801 | |
Fedoraproject Fedora | =31 | |
openSUSE Leap | =15.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID is CVE-2020-5395.
The severity of CVE-2020-5395 is high with a CVSS score of 8.8.
The affected software includes FontForge 20190801, Fedora 31, and openSUSE Leap 15.1.
CVE-2020-5395 is a use-after-free vulnerability in the SFD_GetFontMetaData function in sfd.c in FontForge 20190801.
There is currently no known fix for CVE-2020-5395. It is recommended to update to a fixed version if available, or follow any mitigation steps provided by the vendor.