Remote Code Execution (RCE) Through Buffer Overflow

libfontforge.so is vulnerable to remote code execution (RCE) attacks. A malicious user can pass a ttf file to the readcffset function in parsettf.c to cause a buffer overflow that can crash the application or cause arbitrary code to be executed.