CVE-2020-37011
PUBLISHED
Gnome Fonts Viewer 3.34.0 contains a heap corruption vulnerability that allows attackers to trigger an out-of-bounds write by crafting a malicious TTF font file. Attackers can generate a specially crafted TTF file with an oversized pattern to cause an infinite malloc() loop and potentially crash the gnome-font-viewer process.
Risk Scores
EPSS Score: 0.02% (3.6th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:20.04:LTS | gnome-font-viewer | 0, 3.34.0-2, 3.34.0-1 |
| Ubuntu:16.04:LTS | gnome-font-viewer | 0, 3.16.2-1, 3.16.2-1ubuntu1 |
| Ubuntu:25.10 | gnome-font-viewer | 48.0-2, 0, 48.0-1 |
| Ubuntu:24.04:LTS | gnome-font-viewer | 46.0-1build1, 46.0-1, 0 |
| Ubuntu:18.04:LTS | gnome-font-viewer | 3.26.0-2, 3.27.90-1, 3.26.0-3 |
| Ubuntu:22.04:LTS | gnome-font-viewer | 41.0-2, 41.0-1, 0 |
Exploit Intelligence
- CIRCL seen: CVE-2020-37011 (circl-sighting)
- Gnome Official Website (circl)
- Gnome Font Viewer App Webpage (circl)
- VulnCheck Advisory: Gnome Fonts Viewer 3.34.0 Heap Corruption (circl)
- ExploitDB-48803 (cve.org)
Timeline
- Jan 29, 2026 CVE Published
- Jan 29, 2026 PoC Published
- Jan 30, 2026 EPSS Score
- Feb 1, 2026 EPSS Score
- Feb 4, 2026 EPSS Score
- Feb 6, 2026 EPSS Score
- Feb 9, 2026 EPSS Score
- Feb 11, 2026 EPSS Score
- Feb 14, 2026 EPSS Score
- Feb 16, 2026 EPSS Score
- Feb 19, 2026 EPSS Score
- Feb 21, 2026 EPSS Score
References
- https://ubuntu.com/security/CVE-2020-37011 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2020-37011 third-party-advisory
- https://www.exploit-db.com/exploits/48803 third-party-advisory
- https://apps.gnome.org/FontViewer/ third-party-advisory
- https://www.vulncheck.com/advisories/gnome-fonts-viewer-heap-corruption third-party-advisory