Vulnerability Details CVE-2024-25082
Splinefont in FontForge through 20230101 allows command injection via crafted archives or compressed files.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.009
EPSS Ranking 74.3%
CVSS Severity
CVSS v3 Score 6.5
References
- http://www.openwall.com/lists/oss-security/2024/03/08/2
- https://fontforge.org/en-US/downloads/
- https://github.com/fontforge/fontforge/pull/5367
- https://lists.debian.org/debian-lts-announce/2024/03/msg00007.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GCH22HIO2C6M4BZWF5EYIWVFBXL5BQAH/
- http://www.openwall.com/lists/oss-security/2024/03/08/2
- https://fontforge.org/en-US/downloads/
- https://github.com/fontforge/fontforge/pull/5367
- https://lists.debian.org/debian-lts-announce/2024/03/msg00007.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GCH22HIO2C6M4BZWF5EYIWVFBXL5BQAH/
Products affected by CVE-2024-25082
-
cpe:2.3:a:fontforge:fontforge:2.0.20140101
-
cpe:2.3:a:fontforge:fontforge:2.1.0
-
cpe:2.3:a:fontforge:fontforge:20110222
-
cpe:2.3:a:fontforge:fontforge:20120731
-
cpe:2.3:a:fontforge:fontforge:20140101
-
cpe:2.3:a:fontforge:fontforge:20140813
-
cpe:2.3:a:fontforge:fontforge:20141013
-
cpe:2.3:a:fontforge:fontforge:20141014
-
cpe:2.3:a:fontforge:fontforge:20141126
-
cpe:2.3:a:fontforge:fontforge:20141230
-
cpe:2.3:a:fontforge:fontforge:20150228
-
cpe:2.3:a:fontforge:fontforge:20150330
-
cpe:2.3:a:fontforge:fontforge:20150430
-
cpe:2.3:a:fontforge:fontforge:20150612
-
cpe:2.3:a:fontforge:fontforge:20150824
-
cpe:2.3:a:fontforge:fontforge:20160403
-
cpe:2.3:a:fontforge:fontforge:20160404
-
cpe:2.3:a:fontforge:fontforge:20160930
-
cpe:2.3:a:fontforge:fontforge:20161001
-
cpe:2.3:a:fontforge:fontforge:20161004
-
cpe:2.3:a:fontforge:fontforge:20161005
-
cpe:2.3:a:fontforge:fontforge:20161012
-
cpe:2.3:a:fontforge:fontforge:20170730
-
cpe:2.3:a:fontforge:fontforge:20170731
-
cpe:2.3:a:fontforge:fontforge:20190317
-
cpe:2.3:a:fontforge:fontforge:20190413
-
cpe:2.3:a:fontforge:fontforge:20190801
-
cpe:2.3:a:fontforge:fontforge:20200314
-
cpe:2.3:a:fontforge:fontforge:20201107
-
cpe:2.3:a:fontforge:fontforge:20220308
-
cpe:2.3:a:fontforge:fontforge:20230101
-
cpe:2.3:o:debian:debian_linux:10.0
-
cpe:2.3:o:fedoraproject:fedora:40