{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"important"},"category":"csaf_vex","csaf_version":"2.0","distribution":{"text":"Copyright 2024 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"SUSE CVE-2020-25690","title":"Title"},{"category":"description","text":"An out-of-bounds write flaw was found in FontForge in versions before 20200314 while parsing SFD files containing certain LayerCount tokens. This flaw allows an attacker to manipulate the memory allocated on the heap, causing the application to crash or execute arbitrary code. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.","title":"Description of the CVE"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"external","summary":"CVE-2020-25690","url":"https://www.suse.com/security/cve/CVE-2020-25690"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"external","summary":"SUSE Bug 1178308 for CVE-2020-25690","url":"https://bugzilla.suse.com/1178308"},{"category":"external","summary":"Advisory link for SUSE-SU-2020:3628-1","url":"https://lists.suse.com/pipermail/sle-security-updates/2020-December/007920.html"},{"category":"external","summary":"Advisory link for openSUSE-SU-2020:2111-1","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ZUXEDXI4LMNYPGQ23AHUPAFPEN5QAEZM/"}],"title":"SUSE CVE CVE-2020-25690","tracking":{"current_release_date":"2025-10-07T02:50:08Z","generator":{"date":"2023-02-15T03:53:38Z","engine":{"name":"cve-database.git:bin/generate-csaf-vex.pl","version":"1"}},"id":"CVE-2020-25690","initial_release_date":"2023-02-15T03:53:38Z","revision_history":[{"date":"2023-02-15T03:53:38Z","number":"2","summary":"Current version"},{"date":"2025-01-01T05:16:00Z","number":"3","summary":"Current version"},{"date":"2025-01-10T03:07:20Z","number":"4","summary":"Current version"},{"date":"2025-02-15T05:54:42Z","number":"5","summary":"Current version"},{"date":"2025-02-17T06:16:05Z","number":"6","summary":"Current version"},{"date":"2025-03-15T09:39:53Z","number":"7","summary":"Current version"},{"date":"2025-04-25T05:17:41Z","number":"8","summary":"Current version"},{"date":"2025-10-07T02:50:08Z","number":"9","summary":"Current version"}],"status":"interim","version":"9"}},"product_tree":{"branches":[{"branches":[{"branches":[{"category":"product_name","name":"SUSE Enterprise Storage 7","product":{"name":"SUSE Enterprise Storage 7","product_id":"SUSE Enterprise Storage 7","product_identification_helper":{"cpe":"cpe:/o:suse:ses:7"}}},{"category":"product_name","name":"SUSE Liberty Linux 8","product":{"name":"SUSE Liberty Linux 8","product_id":"SUSE Liberty Linux 8","product_identification_helper":{"cpe":"cpe:/o:suse:sll:8"}}},{"category":"product_name","name":"SUSE Linux Enterprise Desktop 15 SP2","product":{"name":"SUSE Linux Enterprise Desktop 15 SP2","product_id":"SUSE Linux Enterprise Desktop 15 SP2","product_identification_helper":{"cpe":"cpe:/o:suse:sled:15:sp2"}}},{"category":"product_name","name":"SUSE Linux Enterprise High Performance Computing 15 SP2","product":{"name":"SUSE Linux Enterprise High Performance Computing 15 SP2","product_id":"SUSE Linux Enterprise High Performance Computing 15 SP2","product_identification_helper":{"cpe":"cpe:/o:suse:sle_hpc:15:sp2"}}},{"category":"product_name","name":"SUSE Linux Enterprise Module for Desktop Applications 15 SP2","product":{"name":"SUSE Linux Enterprise Module for Desktop Applications 15 SP2","product_id":"SUSE Linux Enterprise Module for Desktop Applications 15 SP2","product_identification_helper":{"cpe":"cpe:/o:suse:sle-module-desktop-applications:15:sp2"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server 12 SP5","product":{"name":"SUSE Linux Enterprise Server 12 SP5","product_id":"SUSE Linux Enterprise Server 12 SP5","product_identification_helper":{"cpe":"cpe:/o:suse:sles:12:sp5"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server 15 SP2","product":{"name":"SUSE Linux Enterprise Server 15 SP2","product_id":"SUSE Linux Enterprise Server 15 SP2","product_identification_helper":{"cpe":"cpe:/o:suse:sles:15:sp2"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server for SAP Applications 12 SP5","product":{"name":"SUSE Linux Enterprise Server for SAP Applications 12 SP5","product_id":"SUSE Linux Enterprise Server for SAP Applications 12 SP5","product_identification_helper":{"cpe":"cpe:/o:suse:sles_sap:12:sp5"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server for SAP Applications 15 SP2","product":{"name":"SUSE Linux Enterprise Server for SAP Applications 15 SP2","product_id":"SUSE Linux Enterprise Server for SAP Applications 15 SP2","product_identification_helper":{"cpe":"cpe:/o:suse:sles_sap:15:sp2"}}},{"category":"product_name","name":"SUSE Linux Enterprise Software Development Kit 12 SP5","product":{"name":"SUSE Linux Enterprise Software Development Kit 12 SP5","product_id":"SUSE Linux Enterprise Software Development Kit 12 SP5","product_identification_helper":{"cpe":"cpe:/o:suse:sle-sdk:12:sp5"}}},{"category":"product_name","name":"SUSE Manager Proxy 4.1","product":{"name":"SUSE Manager Proxy 4.1","product_id":"SUSE Manager Proxy 4.1","product_identification_helper":{"cpe":"cpe:/o:suse:suse-manager-proxy:4.1"}}},{"category":"product_name","name":"SUSE Manager Retail Branch Server 4.1","product":{"name":"SUSE Manager Retail Branch Server 4.1","product_id":"SUSE Manager Retail Branch Server 4.1","product_identification_helper":{"cpe":"cpe:/o:suse:suse-manager-retail-branch-server:4.1"}}},{"category":"product_name","name":"SUSE Manager Server 4.1","product":{"name":"SUSE Manager Server 4.1","product_id":"SUSE Manager Server 4.1","product_identification_helper":{"cpe":"cpe:/o:suse:suse-manager-server:4.1"}}},{"category":"product_name","name":"openSUSE Leap 15.1","product":{"name":"openSUSE Leap 15.1","product_id":"openSUSE Leap 15.1","product_identification_helper":{"cpe":"cpe:/o:opensuse:leap:15.1"}}},{"category":"product_version","name":"fontforge","product":{"name":"fontforge","product_id":"fontforge","product_identification_helper":{"cpe":"cpe:2.3:a:fontforge:fontforge:*:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/fontforge@?upstream=fontforge.src.rpm"}}},{"category":"product_version","name":"fontforge-20170731-11.14.1","product":{"name":"fontforge-20170731-11.14.1","product_id":"fontforge-20170731-11.14.1","product_identification_helper":{"cpe":"cpe:2.3:a:fontforge:fontforge:20170731:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/fontforge@20170731-11.14.1?upstream=fontforge-20170731-11.14.1.src.rpm"}}},{"category":"product_version","name":"fontforge-20170731-15.el8","product":{"name":"fontforge-20170731-15.el8","product_id":"fontforge-20170731-15.el8","product_identification_helper":{"cpe":"cpe:2.3:a:fontforge:fontforge:20170731:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/fontforge@20170731-15.el8?upstream=fontforge-20170731-15.el8.src.rpm"}}},{"category":"product_version","name":"fontforge-20170731-lp151.4.6.1","product":{"name":"fontforge-20170731-lp151.4.6.1","product_id":"fontforge-20170731-lp151.4.6.1","product_identification_helper":{"cpe":"cpe:2.3:a:fontforge:fontforge:20170731:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/fontforge@20170731-lp151.4.6.1?upstream=fontforge-20170731-lp151.4.6.1.src.rpm"}}},{"category":"product_version","name":"fontforge-devel-20170731-lp151.4.6.1","product":{"name":"fontforge-devel-20170731-lp151.4.6.1","product_id":"fontforge-devel-20170731-lp151.4.6.1","product_identification_helper":{"cpe":"cpe:2.3:a:fontforge:fontforge:20170731:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/fontforge-devel@20170731-lp151.4.6.1?upstream=fontforge-20170731-lp151.4.6.1.src.rpm"}}},{"category":"product_version","name":"fontforge-doc-20170731-lp151.4.6.1","product":{"name":"fontforge-doc-20170731-lp151.4.6.1","product_id":"fontforge-doc-20170731-lp151.4.6.1","product_identification_helper":{"cpe":"cpe:2.3:a:fontforge:fontforge:20170731:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/fontforge-doc@20170731-lp151.4.6.1?upstream=fontforge-20170731-lp151.4.6.1.src.rpm"}}}],"category":"product_family","name":"SUSE Linux Enterprise"}],"category":"vendor","name":"SUSE"}],"relationships":[{"category":"default_component_of","full_product_name":{"name":"fontforge-20170731-15.el8 as component of SUSE Liberty Linux 8","product_id":"SUSE Liberty Linux 8:fontforge-20170731-15.el8"},"product_reference":"fontforge-20170731-15.el8","relates_to_product_reference":"SUSE Liberty Linux 8"},{"category":"default_component_of","full_product_name":{"name":"fontforge-20170731-11.14.1 as component of SUSE Linux Enterprise Server 12 SP5","product_id":"SUSE Linux Enterprise Server 12 SP5:fontforge-20170731-11.14.1"},"product_reference":"fontforge-20170731-11.14.1","relates_to_product_reference":"SUSE Linux Enterprise Server 12 SP5"},{"category":"default_component_of","full_product_name":{"name":"fontforge-20170731-11.14.1 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5","product_id":"SUSE Linux Enterprise Server for SAP Applications 12 SP5:fontforge-20170731-11.14.1"},"product_reference":"fontforge-20170731-11.14.1","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP Applications 12 SP5"},{"category":"default_component_of","full_product_name":{"name":"fontforge-20170731-11.14.1 as component of SUSE Linux Enterprise Software Development Kit 12 SP5","product_id":"SUSE Linux Enterprise Software Development Kit 12 SP5:fontforge-20170731-11.14.1"},"product_reference":"fontforge-20170731-11.14.1","relates_to_product_reference":"SUSE Linux Enterprise Software Development Kit 12 SP5"},{"category":"default_component_of","full_product_name":{"name":"fontforge-20170731-lp151.4.6.1 as component of openSUSE Leap 15.1","product_id":"openSUSE Leap 15.1:fontforge-20170731-lp151.4.6.1"},"product_reference":"fontforge-20170731-lp151.4.6.1","relates_to_product_reference":"openSUSE Leap 15.1"},{"category":"default_component_of","full_product_name":{"name":"fontforge-devel-20170731-lp151.4.6.1 as component of openSUSE Leap 15.1","product_id":"openSUSE Leap 15.1:fontforge-devel-20170731-lp151.4.6.1"},"product_reference":"fontforge-devel-20170731-lp151.4.6.1","relates_to_product_reference":"openSUSE Leap 15.1"},{"category":"default_component_of","full_product_name":{"name":"fontforge-doc-20170731-lp151.4.6.1 as component of openSUSE Leap 15.1","product_id":"openSUSE Leap 15.1:fontforge-doc-20170731-lp151.4.6.1"},"product_reference":"fontforge-doc-20170731-lp151.4.6.1","relates_to_product_reference":"openSUSE Leap 15.1"},{"category":"default_component_of","full_product_name":{"name":"fontforge as component of SUSE Linux Enterprise Server 15 SP2","product_id":"SUSE Linux Enterprise Server 15 SP2:fontforge"},"product_reference":"fontforge","relates_to_product_reference":"SUSE Linux Enterprise Server 15 SP2"},{"category":"default_component_of","full_product_name":{"name":"fontforge as component of SUSE Linux Enterprise Desktop 15 SP2","product_id":"SUSE Linux Enterprise Desktop 15 SP2:fontforge"},"product_reference":"fontforge","relates_to_product_reference":"SUSE Linux Enterprise Desktop 15 SP2"},{"category":"default_component_of","full_product_name":{"name":"fontforge as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2","product_id":"SUSE Linux Enterprise Server for SAP Applications 15 SP2:fontforge"},"product_reference":"fontforge","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP Applications 15 SP2"},{"category":"default_component_of","full_product_name":{"name":"fontforge as component of SUSE Linux Enterprise High Performance Computing 15 SP2","product_id":"SUSE Linux Enterprise High Performance Computing 15 SP2:fontforge"},"product_reference":"fontforge","relates_to_product_reference":"SUSE Linux Enterprise High Performance Computing 15 SP2"},{"category":"default_component_of","full_product_name":{"name":"fontforge as component of SUSE Manager Server 4.1","product_id":"SUSE Manager Server 4.1:fontforge"},"product_reference":"fontforge","relates_to_product_reference":"SUSE Manager Server 4.1"},{"category":"default_component_of","full_product_name":{"name":"fontforge as component of SUSE Manager Proxy 4.1","product_id":"SUSE Manager Proxy 4.1:fontforge"},"product_reference":"fontforge","relates_to_product_reference":"SUSE Manager Proxy 4.1"},{"category":"default_component_of","full_product_name":{"name":"fontforge as component of SUSE Manager Retail Branch Server 4.1","product_id":"SUSE Manager Retail Branch Server 4.1:fontforge"},"product_reference":"fontforge","relates_to_product_reference":"SUSE Manager Retail Branch Server 4.1"},{"category":"default_component_of","full_product_name":{"name":"fontforge as component of SUSE Enterprise Storage 7","product_id":"SUSE Enterprise Storage 7:fontforge"},"product_reference":"fontforge","relates_to_product_reference":"SUSE Enterprise Storage 7"},{"category":"default_component_of","full_product_name":{"name":"fontforge as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP2","product_id":"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:fontforge"},"product_reference":"fontforge","relates_to_product_reference":"SUSE Linux Enterprise Module for Desktop Applications 15 SP2"}]},"vulnerabilities":[{"cve":"CVE-2020-25690","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2020-25690"}],"notes":[{"category":"general","text":"An out-of-bounds write flaw was found in FontForge in versions before 20200314 while parsing SFD files containing certain LayerCount tokens. This flaw allows an attacker to manipulate the memory allocated on the heap, causing the application to crash or execute arbitrary code. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.","title":"CVE description"}],"product_status":{"known_not_affected":["SUSE Enterprise Storage 7:fontforge","SUSE Linux Enterprise Desktop 15 SP2:fontforge","SUSE Linux Enterprise High Performance Computing 15 SP2:fontforge","SUSE Linux Enterprise Module for Desktop Applications 15 SP2:fontforge","SUSE Linux Enterprise Server 15 SP2:fontforge","SUSE Linux Enterprise Server for SAP Applications 15 SP2:fontforge","SUSE Manager Proxy 4.1:fontforge","SUSE Manager Retail Branch Server 4.1:fontforge","SUSE Manager Server 4.1:fontforge"],"recommended":["SUSE Liberty Linux 8:fontforge-20170731-15.el8","SUSE Linux Enterprise Server 12 SP5:fontforge-20170731-11.14.1","SUSE Linux Enterprise Server for SAP Applications 12 SP5:fontforge-20170731-11.14.1","SUSE Linux Enterprise Software Development Kit 12 SP5:fontforge-20170731-11.14.1","openSUSE Leap 15.1:fontforge-20170731-lp151.4.6.1","openSUSE Leap 15.1:fontforge-devel-20170731-lp151.4.6.1","openSUSE Leap 15.1:fontforge-doc-20170731-lp151.4.6.1"]},"references":[{"category":"external","summary":"CVE-2020-25690","url":"https://www.suse.com/security/cve/CVE-2020-25690"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"external","summary":"SUSE Bug 1178308 for CVE-2020-25690","url":"https://bugzilla.suse.com/1178308"},{"category":"external","summary":"Advisory link for SUSE-SU-2020:3628-1","url":"https://lists.suse.com/pipermail/sle-security-updates/2020-December/007920.html"},{"category":"external","summary":"Advisory link for openSUSE-SU-2020:2111-1","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ZUXEDXI4LMNYPGQ23AHUPAFPEN5QAEZM/"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Liberty Linux 8:fontforge-20170731-15.el8","SUSE Linux Enterprise Server 12 SP5:fontforge-20170731-11.14.1","SUSE Linux Enterprise Server for SAP Applications 12 SP5:fontforge-20170731-11.14.1","SUSE Linux Enterprise Software Development Kit 12 SP5:fontforge-20170731-11.14.1","openSUSE Leap 15.1:fontforge-20170731-lp151.4.6.1","openSUSE Leap 15.1:fontforge-devel-20170731-lp151.4.6.1","openSUSE Leap 15.1:fontforge-doc-20170731-lp151.4.6.1"]}],"scores":[{"cvss_v3":{"baseScore":7.3,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H","version":"3.1"},"products":["SUSE Liberty Linux 8:fontforge-20170731-15.el8","SUSE Linux Enterprise Server 12 SP5:fontforge-20170731-11.14.1","SUSE Linux Enterprise Server for SAP Applications 12 SP5:fontforge-20170731-11.14.1","SUSE Linux Enterprise Software Development Kit 12 SP5:fontforge-20170731-11.14.1","openSUSE Leap 15.1:fontforge-20170731-lp151.4.6.1","openSUSE Leap 15.1:fontforge-devel-20170731-lp151.4.6.1","openSUSE Leap 15.1:fontforge-doc-20170731-lp151.4.6.1"]}],"threats":[{"category":"impact","date":"2020-10-30T14:04:57Z","details":"important"}],"title":"CVE-2020-25690"}]}