Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 706778 (CVE-2020-5395)

Summary: <media-gfx/fontforge-20170731-r5: out-of-bounds write in SFD_GetFontMetaData function in sfd.c (CVE-2020-5395)
Product: Gentoo Security Reporter: GLSAMaker/CVETool Bot <glsamaker>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal CC: floppym, fonts
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
See Also: https://github.com/fontforge/fontforge/issues/4084
https://github.com/fontforge/fontforge/pull/4091
Whiteboard: B2 [glsa+ cve]
Package list:
Runtime testing required: ---

Description GLSAMaker/CVETool Bot gentoo-dev 2020-01-27 21:05:40 UTC 
CVE-2020-5395 (https://nvd.nist.gov/vuln/detail/CVE-2020-5395):
  An out-of-bounds write was discovered in fontforge while parsing SFD files
  containing very large LayerCount tokens. The flaw allows an attacker to
  overwrite data before a buffer allocated on the heap, thus causing the
  application to crash or execute arbitrary code.
Comment 1 Larry the Git Cow gentoo-dev 2020-01-27 22:02:17 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=915720ab664d4b51e54009945b179578618f5e83

commit 915720ab664d4b51e54009945b179578618f5e83
Author:     Mike Gilbert <floppym@gentoo.org>
AuthorDate: 2020-01-27 22:01:48 +0000
Commit:     Mike Gilbert <floppym@gentoo.org>
CommitDate: 2020-01-27 22:01:48 +0000

    media-gfx/fontforge: backport fix for CVE-2020-5395
    
    Bug: https://bugs.gentoo.org/706778
    Package-Manager: Portage-2.3.85_p2, Repoman-2.3.20_p36
    Signed-off-by: Mike Gilbert <floppym@gentoo.org>

 .../{fontforge-20170731-r4.ebuild => fontforge-20170731-r5.ebuild}       | 1 +
 .../{fontforge-20190317-r2.ebuild => fontforge-20190317-r3.ebuild}       | 1 +
 2 files changed, 2 insertions(+)
Comment 2 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-03-26 21:19:29 UTC 
Tree is clean.
Comment 3 Thomas Deutschmann (RETIRED) gentoo-dev 2020-04-01 20:31:42 UTC 
New GLSA request filed.
Comment 4 GLSAMaker/CVETool Bot gentoo-dev 2020-04-30 23:06:52 UTC 
This issue was resolved and addressed in
 GLSA 202004-14 at https://security.gentoo.org/glsa/202004-14
by GLSA coordinator Thomas Deutschmann (whissi).