Aqua Vulnerability Database
Get Demo
Vulnerabilities
Misconfiguration
Runtime Security
Compliance
CVE Vulnerabilities
CVE-2024-25081
Published:
Feb 26, 2024
| Modified:
May 01, 2024
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu
Additional information
NVD
https://nvd.nist.gov/vuln/detail/CVE-2024-25081
CWE
https://cwe.mitre.org/data/definitions/.html
Splinefont in FontForge through 20230101 allows command injection via crafted filenames.
References
http://www.openwall.com/lists/oss-security/2024/03/08/2
https://fontforge.org/en-US/downloads/
https://github.com/fontforge/fontforge/pull/5367
https://lists.debian.org/debian-lts-announce/2024/03/msg00007.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GCH22HIO2C6M4BZWF5EYIWVFBXL5BQAH/
Aqua Container Security