Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 706778 (CVE-2020-5395) - <media-gfx/fontforge-20170731-r5: out-of-bounds write in SFD_GetFontMetaData function in sfd.c (CVE-2020-5395)
Summary: <media-gfx/fontforge-20170731-r5: out-of-bounds write in SFD_GetFontMetaData ...
Alias: CVE-2020-5395
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
Whiteboard: B2 [glsa+ cve]
Depends on:
Reported: 2020-01-27 21:05 UTC by GLSAMaker/CVETool Bot
Modified: 2020-04-30 23:06 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description GLSAMaker/CVETool Bot gentoo-dev 2020-01-27 21:05:40 UTC
CVE-2020-5395 (
  An out-of-bounds write was discovered in fontforge while parsing SFD files
  containing very large LayerCount tokens. The flaw allows an attacker to
  overwrite data before a buffer allocated on the heap, thus causing the
  application to crash or execute arbitrary code.
Comment 1 Larry the Git Cow gentoo-dev 2020-01-27 22:02:17 UTC
The bug has been referenced in the following commit(s):

commit 915720ab664d4b51e54009945b179578618f5e83
Author:     Mike Gilbert <>
AuthorDate: 2020-01-27 22:01:48 +0000
Commit:     Mike Gilbert <>
CommitDate: 2020-01-27 22:01:48 +0000

    media-gfx/fontforge: backport fix for CVE-2020-5395
    Package-Manager: Portage-2.3.85_p2, Repoman-2.3.20_p36
    Signed-off-by: Mike Gilbert <>

 .../{fontforge-20170731-r4.ebuild => fontforge-20170731-r5.ebuild}       | 1 +
 .../{fontforge-20190317-r2.ebuild => fontforge-20190317-r3.ebuild}       | 1 +
 2 files changed, 2 insertions(+)
Comment 2 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-03-26 21:19:29 UTC
Tree is clean.
Comment 3 Thomas Deutschmann gentoo-dev 2020-04-01 20:31:42 UTC
New GLSA request filed.
Comment 4 GLSAMaker/CVETool Bot gentoo-dev 2020-04-30 23:06:52 UTC
This issue was resolved and addressed in
 GLSA 202004-14 at
by GLSA coordinator Thomas Deutschmann (whissi).