CVE-2020-5496: Buffer Overflow
First published: Fri Jan 03 2020(Updated: )
FontForge 20190801 has a heap-based buffer overflow in the Type2NotDefSplines() function in splinesave.c.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Fontforge Fontforge | =20190801 | |
| openSUSE Leap | =15.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this FontForge vulnerability?
The vulnerability ID for this FontForge vulnerability is CVE-2020-5496.
What is the severity of CVE-2020-5496?
The severity of CVE-2020-5496 is high with a severity value of 8.8.
What is the affected software for CVE-2020-5496?
The affected software for CVE-2020-5496 is FontForge version 20190801 and openSUSE Leap version 15.1.
What is the CWE ID for CVE-2020-5496?
The CWE ID for CVE-2020-5496 is CWE-119 and CWE-787.
How can I fix the vulnerability in FontForge?
To fix the vulnerability in FontForge, update to a version that is not affected.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/author
- agent/weakness
- agent/severity
- agent/last-modified-date
- agent/description
- agent/event
- agent/first-publish-date
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- vendor/fontforge
- canonical/fontforge fontforge
- version/fontforge fontforge/20190801
- vendor/opensuse
- canonical/opensuse leap
- version/opensuse leap/15.1