ГлавнаяУязвимости → CVE-2020-37011
7.5высокая

CVE-2020-37011

Описание

Gnome Fonts Viewer 3.34.0 contains a heap corruption vulnerability that allows attackers to trigger an out-of-bounds write by crafting a malicious TTF font file. Attackers can generate a specially crafted TTF file with an oversized pattern to exhaust memory through repeated malloc() calls and potentially crash the gnome-font-viewer process.

CVSS
Балл7.5 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Источники
https://apps.gnome.org/FontViewer/https://help.gnome.org/https://www.exploit-db.com/exploits/48803https://www.vulncheck.com/advisories/gnome-fonts-viewer-heap-corruptionhttps://www.exploit-db.com/exploits/48803