[Bugs] [Bug 13492] New: [CVE 21] fontforge 1.0 CVEs found

[bugzilla]

https://bugzilla.rosalinux.ru/show_bug.cgi?id=13492

          Platform: 2021.1
            Bug ID: 13492
           Summary: [CVE 21] fontforge 1.0  CVEs found
    Classification: ROSA-based products
           Product: ROSA Fresh
           Version: All
          Hardware: All
               URL: CVE-2020-25690,
                OS: Linux
            Status: CONFIRMED
          Severity: normal
          Priority: Normal
         Component: System (kernel, glibc, systemd, bash, PAM...)
          Assignee: bugs на lists.rosalinux.ru
          Reporter: y.tumanov на rosalinux.ru
        QA Contact: bugs на lists.rosalinux.ru
                CC: e.kosachev на rosalinux.ru, s.matveev на rosalinux.ru,
                    y.tumanov на rosalinux.ru
  Target Milestone: ---
             Flags: secteam_verified?

Please patch CVEs for package fontforge version 1.0

INFO (CVEs are): fontforge 1.0
 cves found
CVE-2020-25690
Desc: An out-of-bounds write flaw was found in FontForge in versions before
20200314 while parsing SFD files containing certain LayerCount tokens. This
flaw allows an attacker to manipulate the memory allocated on the heap, causing
the application to crash or execute arbitrary code. The highest threat from
this vulnerability is to confidentiality, integrity, as well as system
availability.
Link: https://nvd.nist.gov/vuln/detail/CVE-2020-25690
Severity: HIGH

-- 
You are receiving this mail because:
You are the QA Contact for the bug.
You are the assignee for the bug.
----------- следущая часть -----------
Вложение в формате HTML было извлечено…
URL: <http://lists.rosalinux.ru/pipermail/bugs/attachments/20230823/bea89e72/attachment.html>