CNNVD-202512-5675 Information
Dec 31, 2025
CNNVD ID
CNNVD-202512-5675
Related CVE
-
CNNVD Published: 2025-12-31
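Description (translated from Chinese)
FontForge is an open-source font editing tool from the fontforge project with support for multiple languages. FontForge has a security vulnerability caused by improper validation of data length when parsing SGI file scanlines, which may lead to a heap buffer overflow and remote code execution.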
Description (English)
FontForge is an open-source, multilingual font editing tool maintained by the fontforge project. It contains a security vulnerability that stems from improper validation of data lengths while parsing scanlines in SGI files, which could lead to a heap buffer overflow and remote code execution.
Hazard Level
Medium
Vulnerability Type
Other
Affected Vendor
fontforge
Published
2025-12-31
Last Modified
2026-02-24
References
https://www.zerodayinitiative.com/advisories/ZDI-25-1186/