19 matches found
fontforge: FontForge: Remote Code Execution via Use-After-Free in SFD file parsing
A flaw was found in FontForge. This use-after-free vulnerability, occurring during the parsing of SFD Spline Font Database files, allows a remote attacker to execute arbitrary code. Successful exploitation requires user interaction, such as opening a specially crafted malicious file or visiting a...
fontforge: FontForge: Arbitrary code execution via SFD file parsing buffer overflow
A flaw was found in FontForge. A remote attacker could exploit a heap-based buffer overflow vulnerability during SFD file parsing. This issue arises from insufficient validation of user-supplied data length before copying it to a buffer. Successful exploitation requires user interaction, such as...
fontforge: FontForge: Remote Code Execution via malicious SFD file parsing
A flaw was found in FontForge. This vulnerability allows a remote attacker to execute arbitrary code by tricking a user into opening a specially crafted SFD Spline Font Database file. The issue stems from improper validation of array indexes during SFD file parsing, which can lead to writing data...
fontforge: FontForge: Remote Code Execution via Use-After-Free in SFD file parsing
A flaw was found in FontForge. This use-after-free vulnerability, occurring during the parsing of SFD Spline Font Database files, allows a remote attacker to execute arbitrary code. Successful exploitation requires user interaction, such as opening a specially crafted malicious file or visiting a...
fontforge: FontForge: Remote Code Execution via malicious SFD file parsing
A flaw was found in FontForge. This vulnerability allows a remote attacker to execute arbitrary code by tricking a user into opening a specially crafted SFD Spline Font Database file. The issue stems from improper validation of array indexes during SFD file parsing, which can lead to writing data...
fontforge: FontForge: Remote Code Execution via malicious SFD file parsing
A flaw was found in FontForge. This vulnerability allows a remote attacker to execute arbitrary code by tricking a user into opening a specially crafted SFD Spline Font Database file. The issue stems from improper validation of array indexes during SFD file parsing, which can lead to writing data...
fontforge: FontForge: Remote Code Execution via malicious SFD file parsing
A flaw was found in FontForge. This vulnerability allows a remote attacker to execute arbitrary code by tricking a user into opening a specially crafted SFD Spline Font Database file. The issue stems from improper validation of array indexes during SFD file parsing, which can lead to writing data...
fontforge: FontForge: Remote Code Execution via Use-After-Free in SFD file parsing
A flaw was found in FontForge. This use-after-free vulnerability, occurring during the parsing of SFD Spline Font Database files, allows a remote attacker to execute arbitrary code. Successful exploitation requires user interaction, such as opening a specially crafted malicious file or visiting a...
fontforge: FontForge: Remote Code Execution via Use-After-Free in SFD file parsing
A flaw was found in FontForge. This use-after-free vulnerability, occurring during the parsing of SFD Spline Font Database files, allows a remote attacker to execute arbitrary code. Successful exploitation requires user interaction, such as opening a specially crafted malicious file or visiting a...
fontforge: FontForge: Arbitrary code execution via SFD file parsing buffer overflow
A flaw was found in FontForge. A remote attacker could exploit a heap-based buffer overflow vulnerability during SFD file parsing. This issue arises from insufficient validation of user-supplied data length before copying it to a buffer. Successful exploitation requires user interaction, such as...
fontforge: FontForge: Remote Code Execution via Use-After-Free in SFD file parsing
A flaw was found in FontForge. This use-after-free vulnerability, occurring during the parsing of SFD Spline Font Database files, allows a remote attacker to execute arbitrary code. Successful exploitation requires user interaction, such as opening a specially crafted malicious file or visiting a...
fontforge: FontForge: Remote Code Execution via Use-After-Free in SFD file parsing
A flaw was found in FontForge. This use-after-free vulnerability, occurring during the parsing of SFD Spline Font Database files, allows a remote attacker to execute arbitrary code. Successful exploitation requires user interaction, such as opening a specially crafted malicious file or visiting a...
CVE-2025-15274
A flaw was found in FontForge. This heap-based buffer overflow vulnerability allows a remote attacker to execute arbitrary code on an affected system. This occurs when a user is tricked into opening a specially crafted SFD file, due to improper validation of user-supplied data length during file...
CVE-2025-15269
A flaw was found in FontForge. This use-after-free vulnerability, occurring during the parsing of SFD Spline Font Database files, allows a remote attacker to execute arbitrary code. Successful exploitation requires user interaction, such as opening a specially crafted malicious file or visiting a...
CVE-2025-15272
A flaw was found in FontForge. This heap-based buffer overflow vulnerability allows a remote attacker to execute arbitrary code on the system. The flaw occurs during the parsing of SFD Spline Font Database files due to insufficient validation of user-supplied data length. Successful exploitation...
CVE-2025-15270
A flaw was found in FontForge. This vulnerability allows a remote attacker to execute arbitrary code by tricking a user into opening a specially crafted SFD Spline Font Database file. The issue stems from improper validation of array indexes during SFD file parsing, which can lead to writing data...
CVE-2025-15271
A flaw was found in FontForge. This vulnerability allows a remote attacker to execute arbitrary code on affected installations. Exploitation requires user interaction, such as opening a malicious SFD Spline Font Database file. The issue arises from improper validation of user-supplied data during...
FontForge 资源管理错误漏洞
FontForge is an open source font editing tool from fontforge that supports multiple languages. A resource management error vulnerability exists in FontForge that stems from not verifying the existence of an object when parsing an SFD file, which could lead to post-release reuse and remote code...
PT-2025-53818
Name of the Vulnerable Software and Affected Versions FontForge affected versions not specified Description A flaw exists in FontForge related to the parsing of SFD files. Insufficient validation of user-supplied data can lead to a write past the end of an allocated array, potentially allowing a...