Cyber Resilience

CVE-2020-37011

HighPublic PoC

Published: 29 January 2026

Published
29 January 2026
Modified
26 May 2026
KEV Added
Patch
CVSS Score v4 8.4 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0041 32.7th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2020-37011 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Gnome Fonts Viewer (inferred from references). Its CVSS base score is 8.4 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Malicious File (T1204.002); ranked at the 32.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2020-37011 is a heap corruption vulnerability (CWE-787) affecting Gnome Fonts Viewer version 3.34.0. The flaw enables an out-of-bounds write through a specially crafted TTF font file, where an oversized pattern triggers an infinite malloc() loop. This can potentially crash the gnome-font-viewer process. The vulnerability carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) and was published on 2026-01-29.

Remote attackers can exploit this vulnerability over the network with low attack complexity, requiring no privileges or user interaction. Exploitation involves tricking a user into opening the malicious TTF file in Gnome Fonts Viewer, resulting in a denial-of-service via process crash and high availability impact.

References include advisories from VulnCheck (vulncheck.com/advisories/gnome-fonts-viewer-heap-corruption) and proof-of-concept exploits on Exploit-DB (exploit-db.com/exploits/48803), along with GNOME Font Viewer (apps.gnome.org/FontViewer/) and help documentation (help.gnome.org/). These resources detail the issue but do not specify patches in the provided information.

EU & UK References

Vulnerability details

Gnome Fonts Viewer 3.34.0 contains a heap corruption vulnerability that allows attackers to trigger an out-of-bounds write by crafting a malicious TTF font file. Attackers can generate a specially crafted TTF file with an oversized pattern to exhaust memory through…

more

repeated malloc() calls and potentially crash the gnome-font-viewer process.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1204.002 Malicious File Execution
An adversary may rely upon a user opening a malicious file in order to gain execution.
Why these techniques?

Malicious TTF font file opened by user triggers heap corruption/DoS in font viewer process.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-33144Shared CWE-787
CVE-2025-24451Shared CWE-787
CVE-2025-24441Shared CWE-787
CVE-2025-23396Shared CWE-787
CVE-2018-25255Shared CWE-787
CVE-2019-25604Shared CWE-787
CVE-2026-21312Shared CWE-787
CVE-2026-23715Shared CWE-787
CVE-2025-21138Shared CWE-787
CVE-2026-0957Shared CWE-787

Affected Assets

Gnome
Fonts Viewer
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Requires validation of TTF font file inputs to reject malformed structures that trigger oversized patterns and heap corruption in gnome-font-viewer.

prevent

Mandates timely patching of the identified heap-corruption flaw in Gnome Fonts Viewer 3.34.0 to eliminate the out-of-bounds write condition.

prevent

Enforces memory protection mechanisms that can contain or block the out-of-bounds write and repeated malloc() behavior caused by the crafted TTF file.

References