CVE-2020-37011

HIGH 7.5

Gnome Fonts Viewer 3.34.0 Heap Corruption

CVSS Score

7.5

EPSS Score

0.0%

EPSS Percentile

0th

Gnome Fonts Viewer 3.34.0 contains a heap corruption vulnerability that allows attackers to trigger an out-of-bounds write by crafting a malicious TTF font file. Attackers can generate a specially crafted TTF file with an oversized pattern to cause an infinite malloc() loop and potentially crash the gnome-font-viewer process.

CWE	CWE-787
Vendor	gnome
Product	fonts viewer
Published	Jan 29, 2026
Last Updated	Mar 5, 2026

Stay Ahead of the Next One

Get instant alerts for gnome fonts viewer

Be the first to know when new high vulnerabilities affecting gnome fonts viewer are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Affected Versions

GNOME / Fonts Viewer

3.34.0

References

NVD ↗ CVE.org ↗ EPSS Data ↗

exploit-db.com: https://www.exploit-db.com/exploits/48803 help.gnome.org: https://help.gnome.org/ apps.gnome.org: https://apps.gnome.org/FontViewer/ vulncheck.com: https://www.vulncheck.com/advisories/gnome-fonts-viewer-heap-corruption

Credits

Cody Winkler