CVSS3

Metric | Value |
---|---|
Attack Vector | LOCAL |
Attack Complexity | HIGH |
Privileges Required | LOW |
User Interaction | REQUIRED |
Scope | UNCHANGED |
Confidentiality Impact | LOW |
Integrity Impact | LOW |
Availability Impact | LOW |

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L

It was discovered that FontForge incorrectly handled filenames. If a user or an
automated system were tricked into opening a specially crafted input file, a
remote attacker could possibly use this issue to perform command injection.
(CVE-2024-25081)

It was discovered that FontForge incorrectly handled archives and compressed
files. If a user or an automated system were tricked into opening a specially
crafted input file, a remote attacker could possibly use this issue to perform
command injection. (CVE-2024-25082)

OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
Ubuntu | 23.10 | noarch | fontforge | < 1:20230101~dfsg-1ubuntu0.1 | UNKNOWN |
Ubuntu | 23.10 | noarch | fontforge-common | < 1:20230101~dfsg-1ubuntu0.1 | UNKNOWN |
Ubuntu | 23.10 | noarch | fontforge-dbgsym | < 1:20230101~dfsg-1ubuntu0.1 | UNKNOWN |
Ubuntu | 23.10 | noarch | fontforge-doc | < 1:20230101~dfsg-1ubuntu0.1 | UNKNOWN |
Ubuntu | 23.10 | noarch | fontforge-extras | < 1:20230101~dfsg-1ubuntu0.1 | UNKNOWN |
Ubuntu | 23.10 | noarch | fontforge-extras-dbgsym | < 1:20230101~dfsg-1ubuntu0.1 | UNKNOWN |
Ubuntu | 23.10 | noarch | fontforge-nox | < 1:20230101~dfsg-1ubuntu0.1 | UNKNOWN |
Ubuntu | 23.10 | noarch | fontforge-nox-dbgsym | < 1:20230101~dfsg-1ubuntu0.1 | UNKNOWN |
Ubuntu | 23.10 | noarch | libfontforge4 | < 1:20230101~dfsg-1ubuntu0.1 | UNKNOWN |
Ubuntu | 23.10 | noarch | libfontforge4-dbgsym | < 1:20230101~dfsg-1ubuntu0.1 | UNKNOWN |