PatchSiren cyber security CVE debrief
CVE-2020-37011 GNOME CVE debrief
A heap corruption vulnerability exists in GNOME Fonts Viewer 3.34.0 that can be triggered through maliciously crafted TTF font files. The vulnerability involves an out-of-bounds write condition that attackers may exploit by supplying a specially crafted font with an oversized pattern, leading to memory exhaustion through repeated memory allocation calls and potential process crash. The CVSS 4.0 vector indicates local attack vector with low attack complexity, no privileges required, but user interaction needed, with high impacts to confidentiality, integrity, and availability. The vulnerability is classified as CWE-787 (Out-of-bounds Write). The CVE record shows a deferred status in the NVD. No known exploitation in ransomware campaigns has been documented, and the vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog.
- Vendor: GNOME
- Product: Fonts Viewer
- CVSS: HIGH 8.4
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-01-29
- Original CVE updated: 2026-05-26
- Advisory published: 2026-01-29
- Advisory updated: 2026-05-26
Who should care
Organizations running GNOME desktop environments on Linux workstations, particularly those in design, publishing, or creative industries where font file handling is routine. System administrators managing multi-user Linux deployments with GNOME components. Security teams monitoring for local privilege escalation vectors and memory corruption vulnerabilities in desktop applications. End users who regularly download and preview fonts from external sources.
Technical summary
GNOME Fonts Viewer 3.34.0 fails to properly validate TTF font file patterns, resulting in a heap-based out-of-bounds write. The vulnerability can be triggered when the application processes a malicious font file containing an oversized pattern that causes repeated malloc() calls, exhausting available memory and potentially crashing the process. The CVSS 4.0 vector (AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H) indicates a local attack vector requiring user interaction but no privileges, with high impact across all security dimensions. The underlying weakness is CWE-787 (Out-of-bounds Write), a common memory safety defect in file parsing applications.
Defensive priority
high
Recommended defensive actions
- Update GNOME Fonts Viewer to a patched version when available from distribution maintainers
- Restrict execution of gnome-font-viewer to trusted users and avoid opening untrusted font files
- Consider sandboxing font preview applications to limit impact of memory corruption vulnerabilities
- Monitor distribution security advisories for GNOME components and apply updates promptly
- Implement application allowlisting to prevent execution of unapproved font viewer instances
- Review and restrict font file sources to trusted repositories only
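As an added defensive example (not code from PatchSiren, GNOME, or the viewer itself), the following Python pre-screen checks that every table record in a TTF's directory lies inside the file, the kind of bounds validation whose absence the technical summary describes; it supports the "restrict font file sources" action by rejecting files with an oversized declared table before a parser ever allocates for it. The MAX_TABLES cap, the build_sample helper and the two sample blobs are constructed here for illustration and are not from the advisory.

```python
import struct

HEADER_FMT = ">IHHHH"   # sfntVersion, numTables, searchRange, entrySelector, rangeShift
RECORD_FMT = ">4sIII"   # tag, checksum, offset, length (one 16-byte record per table)
VALID_VERSIONS = {0x00010000, 0x74727565, 0x4F54544F}  # 1.0, 'true', 'OTTO'
MAX_TABLES = 512        # sanity cap on numTables; an assumption, not a spec limit


def check_ttf(data: bytes, max_tables: int = MAX_TABLES) -> list[str]:
    """Return the list of problems found; an empty list means every table record
    lies inside the file. Declared sizes are never trusted without this check."""
    problems = []
    size = len(data)
    hdr_len = struct.calcsize(HEADER_FMT)
    if size < hdr_len:
        return ["file shorter than the offset table"]
    version, num_tables, *_ = struct.unpack_from(HEADER_FMT, data, 0)
    if version not in VALID_VERSIONS:
        problems.append(f"unknown sfnt version 0x{version:08x}")
    if num_tables == 0 or num_tables > max_tables:
        problems.append(f"implausible numTables {num_tables}")
        return problems
    rec_len = struct.calcsize(RECORD_FMT)
    if hdr_len + num_tables * rec_len > size:
        problems.append("table directory runs past end of file")
        return problems
    for i in range(num_tables):
        tag, _chk, offset, length = struct.unpack_from(RECORD_FMT, data, hdr_len + i * rec_len)
        # Compare 'length' against the space left after 'offset' instead of computing
        # offset + length: in a 32-bit C parser that sum can wrap and pass a naive test.
        if offset > size or length > size - offset:
            problems.append(f"table {tag!r}: offset {offset} + length {length} exceeds file size {size}")
    return problems


def build_sample(table_len: int) -> bytes:
    """Constructed one-table sfnt skeleton (header + record + 32 zero bytes); not a usable font."""
    hdr = struct.pack(HEADER_FMT, 0x00010000, 1, 16, 0, 0)
    offset = struct.calcsize(HEADER_FMT) + struct.calcsize(RECORD_FMT)
    rec = struct.pack(RECORD_FMT, b"head", 0, offset, table_len)
    return hdr + rec + b"\0" * 32


GOOD = build_sample(32)                 # length matches the 32 bytes that follow the record
OVERSIZED = build_sample(0xFFFFFFFF)    # declared length far beyond the file: the case to reject

if __name__ == "__main__":
    for name, blob in (("good", GOOD), ("oversized", OVERSIZED)):
        print(name, check_ttf(blob) or "ok")
```

A check like this belongs in a download or ingest step in front of the viewer; it does not replace the vendor patch, since it only catches directory-level inconsistencies, not defects inside individual tables.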
Evidence notes
CVE published 2026-01-29; modified 2026-05-26. CVSS 4.0 score 8.4 (HIGH). Source references include the GNOME FontViewer application page, GNOME help documentation, Exploit-DB entry 48803, and a VulnCheck advisory. Vendor attribution to GNOME is based on reference-domain evidence only and is low confidence; it should be reviewed.
Official resources
2026-01-29