FontForge prior 20200314 SFD File Parser out-of-bounds write


A vulnerability, which was classified as critical, was found in FontForge. Affected is some unknown processing of the component SFD File Parser. Upgrading to version 20200314 eliminates this vulnerability. A possible mitigation has been published before and not just after the disclosure of the vulnerability.

Timeline

The analysis of the timeline helps to identify the required approach and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance. Initiating immediate vulnerability response and prioritizing of issues is possible.


| ID | Committed | User | Field | Change | Remarks | Moderated | Reason | C |
|---|---|---|---|---|---|---|---|---|
| 10964034 | 02/23/2021 | VulD... | price_0day | $0-$5k | see documentation | 02/23/2021 | accepted | 90 |
| 10964033 | 02/23/2021 | VulD... | cvss3_meta_tempscore | 6.3 | see documentation | 02/23/2021 | accepted | 90 |
| 10964032 | 02/23/2021 | VulD... | cvss3_meta_basescore | 6.3 | see documentation | 02/23/2021 | accepted | 90 |
| 10964031 | 02/23/2021 | VulD... | cvss3_vuldb_tempscore | 6.3 | | 02/23/2021 | accepted | 90 |
| 10964030 | 02/23/2021 | VulD... | cvss3_vuldb_basescore | 6.3 | | 02/23/2021 | accepted | 90 |
| 10964029 | 02/23/2021 | VulD... | cvss2_vuldb_tempscore | 7.5 | | 02/23/2021 | accepted | 90 |
| 10964028 | 02/23/2021 | VulD... | cvss2_vuldb_basescore | 7.5 | | 02/23/2021 | accepted | 90 |
| 10964027 | 02/23/2021 | VulD... | cvss3_vuldb_e | X | derived from historical data | 02/23/2021 | accepted | 80 |
| 10964026 | 02/23/2021 | VulD... | cvss2_vuldb_e | ND | derived from historical data | 02/23/2021 | accepted | 80 |
| 10964025 | 02/23/2021 | VulD... | cvss2_vuldb_rl | OF | derived from vuldb v3 vector | 02/23/2021 | accepted | 80 |
| 10964024 | 02/23/2021 | VulD... | cvss2_vuldb_rc | C | derived from vuldb v3 vector | 02/23/2021 | accepted | 80 |
| 10964023 | 02/23/2021 | VulD... | cvss2_vuldb_ai | P | derived from vuldb v3 vector | 02/23/2021 | accepted | 80 |
| 10964022 | 02/23/2021 | VulD... | cvss2_vuldb_ii | P | derived from vuldb v3 vector | 02/23/2021 | accepted | 80 |
| 10964021 | 02/23/2021 | VulD... | cvss2_vuldb_ci | P | derived from vuldb v3 vector | 02/23/2021 | accepted | 80 |
| 10964020 | 02/23/2021 | VulD... | cvss2_vuldb_au | N | derived from vuldb v3 vector | 02/23/2021 | accepted | 80 |
| 10964019 | 02/23/2021 | VulD... | cvss2_vuldb_ac | L | derived from vuldb v3 vector | 02/23/2021 | accepted | 80 |
| 10964018 | 02/23/2021 | VulD... | cvss2_vuldb_av | N | derived from vuldb v3 vector | 02/23/2021 | accepted | 80 |
| 10964017 | 02/23/2021 | VulD... | date | 1614034800 (02/23/2021) | | 02/23/2021 | accepted | 90 |
| 10964016 | 02/23/2021 | VulD... | cve | CVE-2020-25690 | mitre.org | 02/23/2021 | accepted | 90 |
| 10964015 | 02/23/2021 | VulD... | upgrade_version | 20200314 | | 02/23/2021 | accepted | 90 |
