Splinefont in FontForge through 20230101 allows command injection via crafted archives or compressed files.
References
Configurations
No configuration.
History
21 Nov 2024, 09:00
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.openwall.com/lists/oss-security/2024/03/08/2 - | |
References | () https://fontforge.org/en-US/downloads/ - | |
References | () https://github.com/fontforge/fontforge/pull/5367 - | |
References | () https://lists.debian.org/debian-lts-announce/2024/03/msg00007.html - | |
References | () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GCH22HIO2C6M4BZWF5EYIWVFBXL5BQAH/ - |
04 Nov 2024, 19:35
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-77 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.5 |
01 May 2024, 19:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
23 Mar 2024, 03:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
08 Mar 2024, 01:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
26 Feb 2024, 16:32
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-02-26 16:27
Updated : 2024-11-21 09:00
NVD link : CVE-2024-25082
Mitre link : CVE-2024-25082
CVE.ORG link : CVE-2024-25082
JSON object : View
Products Affected
No product.
CWE
CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')