CVE-2020-5496 (NVD)

2020-01-03

FontForge 20190801 has a heap-based buffer overflow in the Type2NotDefSplines() function in splinesave.c.

Products Fontforge, Leap
Type Out-of-bounds Write (CWE-787)
First patch - None (likely due to unavailable code)
Links https://lists.debian.org/debian-lts-announce/2024/03/msg00007.html
https://security.gentoo.org/glsa/202004-14
https://github.com/fontforge/fontforge/issues/4085
http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00041.html