← voltar
CVE-2020-37011

Gnome Fonts Viewer 3.34.0 Heap Corruption

CVSS 8.4 HIGHEPSS 0.4%CWE-787
Gnome Fonts Viewer 3.34.0 contains a heap corruption vulnerability that allows attackers to trigger an out-of-bounds write by crafting a malicious TTF font file. Attackers can generate a specially crafted TTF file with an oversized pattern to exhaust memory through repeated malloc() calls and potentially crash the gnome-font-viewer process.
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Produtos afetados
GNOME · Fonts Viewer

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://apps.gnome.org/FontViewer/https://help.gnome.org/https://www.exploit-db.com/exploits/48803https://www.vulncheck.com/advisories/gnome-fonts-viewer-heap-corruption