CNNVD-202512-5674 Information
Dec 31, 2025
cve
CNNVD ID
CNNVD-202512-5674
Related CVE
- CNNVD Published: 2025-12-31
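Description (Chinese, translated)
FontForge is an open-source font editing tool from the fontforge project that supports multiple languages. FontForge contains an input validation error vulnerability, caused by improper validation of data when parsing pixels in XBM files, which may lead to integer overflow and remote code execution.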
Description (English)
FontForge is an open-source, multilingual font editing tool maintained by the fontforge project. FontForge has an input validation error vulnerability, which results from improper data validation when parsing the pixels of XBM files and may result in integer overflow and remote code execution.
Hazard Level
Medium
Vulnerability Type
Input validation error
Affected Vendor
fontforge
Published
2025-12-31
Last Modified
2026-02-24
References
https://www.zerodayinitiative.com/advisories/ZDI-25-1185/