FontForge 20190801 sfd.c SFD_GetFontMetaData Metadata memory corruption
| CVSS Meta Temp Score | Current Exploit Price (β) | CTI Interest Score |
|---|---|---|
| 5.5 | $0-$5k | 3.97+ |
A vulnerability has been found in FontForge 20190801 and classified as critical. Affected by this vulnerability is the function SFD_GetFontMetaData of the file sfd.c. The manipulation as part of a Metadata leads to a memory corruption vulnerability (Use-After-Free). The CWE definition for the vulnerability is CWE-119. As an impact it is known to affect confidentiality, integrity, and availability.
The weakness was shared 01/03/2020. This vulnerability is known as CVE-2020-5395 since 01/03/2020. Technical details of the vulnerability are known, but there is no available exploit. The pricing for an exploit might be around USD $0-$5k at the moment (estimation calculated on 01/04/2020).
There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.
The entry 148280 is related to this item.
Name
VulDB Meta Base Score: 5.5
VulDB Meta Temp Score: 5.5
VulDB Base Score: β5.5
VulDB Temp Score: β5.5
VulDB Vector: π
VulDB Reliability: π
VulDB Base Score: π
VulDB Temp Score: π
VulDB Reliability: π
Class: Memory corruption / Use-After-Free (CWE-119)
Local: Yes
Remote: No
Availability: π
Status: Not defined
Price Prediction: π
Current Price Estimation: π
| 0-Day | unlock | unlock | unlock | unlock |
|---|---|---|---|---|
| Today | unlock | unlock | unlock | unlock |
Threat Intelligence
Threat: π
Adversaries: π
Geopolitics: π
Economy: π
Predictions: π
Remediation: πRecommended: no mitigation known
0-Day Time: π
01/03/2020 Advisory disclosed
01/03/2020 CVE assigned
01/04/2020 VulDB entry created
01/04/2020 VulDB last update
CVE: CVE-2020-5395 (π)
See also: πCreated: 01/04/2020 11:35 AM
Complete: π
Enable the mail alert feature now!
https://vuldb.com/?id.148279
Gloss