INFSA-2024:9439: FontForge security update
Information about definition
Identifier: INFSA-2024:9439
Type: security
Release date: 2024-12-13 11:45:35 UTC
Information about package
FontForge is a font editor for outline and bitmap fonts. It supports a range of font formats, including PostScript (ASCII and binary Type 1, some Type 3 and Type 0), TrueType, OpenType (Type2) and CID-keyed fonts.
Vulnerabilities description
- CVE-2024-25081
Splinefont in FontForge through 20230101 allows command injection via crafted filenames.
- CVE-2024-25082
Splinefont in FontForge through 20230101 allows command injection via crafted archives or compressed files.
Severity level
CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
---|---|---|---|
NIST — CVE-2024-25081 | no information | 4.2 | no information |
NIST — CVE-2024-25082 | no information | 4.2 | no information |
Updated packages