CNNVD-202512-5676 Information
Dec 31, 2025
CNNVD ID
CNNVD-202512-5676
Related CVE
- CNNVD Published: 2025-12-31
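Description (translated from Chinese)
FontForge is an open-source font editing tool from fontforge that supports multiple languages. FontForge contains a code issue vulnerability that stems from improper validation of data when parsing SFD files, which may lead to deserialization of untrusted data and remote code execution.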
Description (English)
FontForge is an open-source, multilingual font editing tool from the fontforge project. It has a code issue vulnerability caused by improper data validation when parsing SFD files, which may lead to deserialization of untrusted data and remote code execution.
Hazard Level
Medium
Vulnerability Type
Code issue
Affected Vendor
fontforge
Published
2025-12-31
Last Modified
2026-02-24
References
https://www.zerodayinitiative.com/advisories/ZDI-25-1187/