55 matches found
TencentOS Server 3: fontforge (TSSA-2026:0357)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to the tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0357 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: fontforge (UTSA-2026-014311)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-014311 advisory. FontForge SFD File Parsing Improper Validation of Array Index Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary co...
Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: fontforge (UTSA-2026-014309)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-014309 advisory. FontForge GUtils BMP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary cod...
MiracleLinux 9 : fontforge-20201107-8.el9_7 (AXSA:2026-417:02)
The remote MiracleLinux 9 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2026-417:02 advisory. fontforge: FontForge: Remote Code Execution via malicious SFD file parsing (CVE-2025-15270). Tenable has extracted the preceding description block directly from...
AlmaLinux 10 : fontforge (ALSA-2026:6631)
The remote AlmaLinux 10 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2026:6631 advisory. fontforge: FontForge: Remote Code Execution via malicious SFD file parsing (CVE-2025-15270). Tenable has extracted the preceding description block directly from the...
RHEL 9 : fontforge (RHSA-2026:6628)
The remote Red Hat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:6628 advisory. FontForge is a font editor for outline and bitmap fonts. It supports a range of font formats, including PostScript ASCII and binary Type 1, some Type...
Mageia: Security Advisory (MGASA-2026-0034)
The remote host is missing an update for the...
RHEL 10 : fontforge (RHSA-2026:2232)
The remote Red Hat Enterprise Linux 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:2232 advisory. FontForge is a font editor for outline and bitmap fonts. It supports a range of font formats, including PostScript ASCII and binary Type 1,...
MiracleLinux 8 : fontforge-20200314-6.el8 (AXSA:2024-8552:01)
The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2024-8552:01 advisory. fontforge: command injection via crafted filenames (CVE-2024-25081); fontforge: command injection via crafted archives or compressed files CVE-2024-250...
CVE-2025-15275
A flaw was found in FontForge. A remote attacker could exploit a heap-based buffer overflow vulnerability during SFD file parsing. This issue arises from insufficient validation of user-supplied data length before copying it to a buffer. Successful exploitation requires user interaction, such as...
CVE-2025-15271
A flaw was found in FontForge. This vulnerability allows a remote attacker to execute arbitrary code on affected installations. Exploitation requires user interaction, such as opening a malicious SFD (Spline Font Database) file. The issue arises from improper validation of user-supplied data during...
CVE-2025-15275
FontForge SFD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a...
UBUNTU-CVE-2025-15275
FontForge SFD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a...
CVE-2025-15278 FontForge GUtils XBM File Parsing Integer Overflow Remote Code Execution Vulnerability
FontForge GUtils XBM File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a malicious...
Linux Distros Unpatched Vulnerability : CVE-2025-15272
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - FontForge SFD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code ...
Linux Distros Unpatched Vulnerability : CVE-2025-15275
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - FontForge SFD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code ...
FontForge Security Vulnerability
FontForge is an open source font editing tool from fontforge that supports multiple languages. A security vulnerability exists in FontForge that stems from improper validation of data length when parsing SGI file scanlines, which could lead to a heap buffer overflow and remote code execution...
Linux Distros Unpatched Vulnerability : CVE-2025-15274
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - FontForge SFD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code ...
Linux Distros Unpatched Vulnerability : CVE-2025-15278
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - FontForge GUtils XBM File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on...
Linux Distros Unpatched Vulnerability : CVE-2025-15271
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - FontForge SFD File Parsing Improper Validation of Array Index Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitra...