CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-25690

An out-of-bounds write flaw was found in FontForge in versions before 20200314 while parsing SFD files containing certain LayerCount tokens. This flaw allows an attacker to manipulate the memory allocated on the heap, causing the application to crash or execute arbitrary code. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.008

EPSS Ranking 73.7%

CVSS Severity

CVSS v3 Score 8.8

CVSS v2 Score 6.8

References

Products affected by CVE-2020-25690

Fontforge » Fontforge » Version: 2.0.20140101

cpe:2.3:a:fontforge:fontforge:2.0.20140101
Fontforge » Fontforge » Version: 2.1.0

cpe:2.3:a:fontforge:fontforge:2.1.0
Fontforge » Fontforge » Version: 20110222

cpe:2.3:a:fontforge:fontforge:20110222
Fontforge » Fontforge » Version: 20120731

cpe:2.3:a:fontforge:fontforge:20120731
Fontforge » Fontforge » Version: 20140101

cpe:2.3:a:fontforge:fontforge:20140101
Fontforge » Fontforge » Version: 20140813

cpe:2.3:a:fontforge:fontforge:20140813
Fontforge » Fontforge » Version: 20141013

cpe:2.3:a:fontforge:fontforge:20141013
Fontforge » Fontforge » Version: 20141014

cpe:2.3:a:fontforge:fontforge:20141014
Fontforge » Fontforge » Version: 20141126

cpe:2.3:a:fontforge:fontforge:20141126
Fontforge » Fontforge » Version: 20141230

cpe:2.3:a:fontforge:fontforge:20141230
Fontforge » Fontforge » Version: 20150228

cpe:2.3:a:fontforge:fontforge:20150228
Fontforge » Fontforge » Version: 20150330

cpe:2.3:a:fontforge:fontforge:20150330
Fontforge » Fontforge » Version: 20150430

cpe:2.3:a:fontforge:fontforge:20150430
Fontforge » Fontforge » Version: 20150612

cpe:2.3:a:fontforge:fontforge:20150612
Fontforge » Fontforge » Version: 20150824

cpe:2.3:a:fontforge:fontforge:20150824
Fontforge » Fontforge » Version: 20160403

cpe:2.3:a:fontforge:fontforge:20160403
Fontforge » Fontforge » Version: 20160404

cpe:2.3:a:fontforge:fontforge:20160404
Fontforge » Fontforge » Version: 20160930

cpe:2.3:a:fontforge:fontforge:20160930
Fontforge » Fontforge » Version: 20161001

cpe:2.3:a:fontforge:fontforge:20161001
Fontforge » Fontforge » Version: 20161004

cpe:2.3:a:fontforge:fontforge:20161004
Fontforge » Fontforge » Version: 20161005

cpe:2.3:a:fontforge:fontforge:20161005
Fontforge » Fontforge » Version: 20161012

cpe:2.3:a:fontforge:fontforge:20161012
Fontforge » Fontforge » Version: 20170730

cpe:2.3:a:fontforge:fontforge:20170730
Fontforge » Fontforge » Version: 20170731

cpe:2.3:a:fontforge:fontforge:20170731
Fontforge » Fontforge » Version: 20190317

cpe:2.3:a:fontforge:fontforge:20190317
Fontforge » Fontforge » Version: 20190413

cpe:2.3:a:fontforge:fontforge:20190413
Fontforge » Fontforge » Version: 20190801

cpe:2.3:a:fontforge:fontforge:20190801

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-25690

Products

Pricing

Contact Us