CVE-2024-25081
Description
Splinefont in FontForge through 20230101 allows command injection via crafted filenames.
Risk Information
Base Score
4.2
MODERATE
Vector
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L
EPSS Score
Exploitation Probability
0.039
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| SUSE-SU-2024:0864-1(Desktop Applications Module 15-SP5) fontforge-20200314-150200.3.6.1.x86_64.rpm | Linux |
| SUSE-SU-2024:0864-1(Desktop Applications Module 15-SP5) fontforge-debuginfo-20200314-150200.3.6.1.x86_64.rpm | Linux |
| SUSE-SU-2024:0864-1(Desktop Applications Module 15-SP5) fontforge-debugsource-20200314-150200.3.6.1.x86_64.rpm | Linux |
| fontforge security update(DSA-5641-1) fontforge_20201107~dfsg-4+deb11u1_amd64.deb | Linux |
| fontforge security update(DSA-5641-1) fontforge_20230101~dfsg-1.1~deb12u1_amd64.deb | Linux |
| fontforge Security Update (ALAS-2024-2495) fontforge-20120731b-13.amzn2.0.2.i686.rpm | Linux |
| fontforge Security Update (ALAS-2024-2495) fontforge-20120731b-13.amzn2.0.2.x86_64.rpm | Linux |
| fontforge Security Update (ALAS-2024-2495) fontforge-devel-20120731b-13.amzn2.0.2.x86_64.rpm | Linux |
| fontforge Security Update (ALAS-2024-565) fontforge-20201107-3.amzn2023.0.3.x86_64.rpm | Linux |
| fontforge Security Update (ALAS-2024-565) fontforge-doc-20201107-3.amzn2023.0.3.noarch.rpm | Linux |
| fontforge Security Update (ALAS-2024-565) fontforge-devel-20201107-3.amzn2023.0.3.x86_64.rpm | Linux |
| Free (libre) font editor for Windows, Mac OS X and GNU+Linux (USN-6856-1) fontforge_20190801~dfsg-4ubuntu0.1_amd64.deb | Linux |
| Free (libre) font editor for Windows, Mac OS X and GNU+Linux (USN-6856-1) fontforge_20190801~dfsg-4ubuntu0.1_i386.deb | Linux |
| Free (libre) font editor for Windows, Mac OS X and GNU+Linux (USN-6856-1) fontforge_20201107~dfsg-4+deb11u1build0.22.04.1_amd64.deb | Linux |
| Free (libre) font editor for Windows, Mac OS X and GNU+Linux (USN-6856-1) fontforge_20201107~dfsg-4+deb11u1build0.22.04.1_i386.deb | Linux |
| Free (libre) font editor for Windows, Mac OS X and GNU+Linux (USN-6856-1) fontforge_20230101~dfsg-1ubuntu0.1_amd64.deb | Linux |
| Free (libre) font editor for Windows, Mac OS X and GNU+Linux (USN-6856-1) fontforge_20230101~dfsg-1ubuntu0.1_i386.deb | Linux |
| Free (libre) font editor for Windows, Mac OS X and GNU+Linux (USN-6856-1) python3-fontforge_20190801~dfsg-4ubuntu0.1_amd64.deb | Linux |
| Free (libre) font editor for Windows, Mac OS X and GNU+Linux (USN-6856-1) python3-fontforge_20190801~dfsg-4ubuntu0.1_i386.deb | Linux |
| Free (libre) font editor for Windows, Mac OS X and GNU+Linux (USN-6856-1) python3-fontforge_20201107~dfsg-4+deb11u1build0.22.04.1_amd64.deb | Linux |
| Free (libre) font editor for Windows, Mac OS X and GNU+Linux (USN-6856-1) python3-fontforge_20201107~dfsg-4+deb11u1build0.22.04.1_i386.deb | Linux |
| Free (libre) font editor for Windows, Mac OS X and GNU+Linux (USN-6856-1) python3-fontforge_20230101~dfsg-1ubuntu0.1_amd64.deb | Linux |
| Free (libre) font editor for Windows, Mac OS X and GNU+Linux (USN-6856-1) python3-fontforge_20230101~dfsg-1ubuntu0.1_i386.deb | Linux |
| fontforge Security Update (ALAS2-2024-2495) fontforge-20120731b-13.amzn2.0.2.i686.rpm | Linux |
| fontforge Security Update (ALAS2-2024-2495) fontforge-20120731b-13.amzn2.0.2.x86_64.rpm | Linux |
| fontforge Security Update (ALAS2-2024-2495) fontforge-devel-20120731b-13.amzn2.0.2.x86_64.rpm | Linux |
| fontforge Security Update (ALAS2023-2024-565) fontforge-20201107-3.amzn2023.0.3.x86_64.rpm | Linux |
| fontforge Security Update (ALAS2023-2024-565) fontforge-devel-20201107-3.amzn2023.0.3.x86_64.rpm | Linux |
| fontforge Security Update (ALAS2023-2024-565) fontforge-doc-20201107-3.amzn2023.0.3.noarch.rpm | Linux |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234