Vulnerability Details CVE-2020-5496
FontForge 20190801 has a heap-based buffer overflow in the Type2NotDefSplines() function in splinesave.c.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 42.9%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 6.8
References
- http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00041.html
- https://github.com/fontforge/fontforge/issues/4085
- https://lists.debian.org/debian-lts-announce/2024/03/msg00007.html
- https://security.gentoo.org/glsa/202004-14
- http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00041.html
- https://github.com/fontforge/fontforge/issues/4085
- https://lists.debian.org/debian-lts-announce/2024/03/msg00007.html
- https://security.gentoo.org/glsa/202004-14