Heap-based buffer overflow in the Type2NotDefSplines() function #4085
Labels
untrusted input
This bug was found, probably with a fuzzer, and requires some kind of unlikely untrusted input.
Comments
This issue has been assigned CVE-2020-5496.

Weird -- that implies the problem was downstream of #4084, which was the only one I fixed first. The relations between these fuzzing symptoms can be counter-intuitive. I guess we can close this.

Don't mind if I do
erictapen added a commit to erictapen/nixpkgs that referenced this issue on May 25, 2020:

These CVEs have two different issues being tagged as 'Exploit'.
CVE-2020-5395 [0]: fontforge/fontforge#4084
CVE-2020-5496 [1]: fontforge/fontforge#4085
Both issues refer to [2] as a fix, so I guess this patch fixes it.
[0] https://nvd.nist.gov/vuln/detail/CVE-2020-5395
[1] https://nvd.nist.gov/vuln/detail/CVE-2020-5496
[2] fontforge/fontforge@048a91e
Hi,
While fuzzing FontForge with AFL, I found a heap-based buffer overflow in the Type2NotDefSplines() function, in splinesave.c.
Attaching a reproducer (gzipped so GitHub accepts it): test02.sfd.gz
The issue can be reproduced with FontForge 20190801 and with the latest Git master by running: