CNNVD-202512-5678 Information
Dec 31, 2025
CNNVD ID
CNNVD-202512-5678
Related CVE
-
CNNVD Published: 2025-12-31
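Description (translated from Chinese)
FontForge is an open-source font editing tool from fontforge that supports multiple languages. FontForge contains a security vulnerability that stems from improper validation of data length when parsing SFD files, which may lead to a heap buffer overflow and remote code execution.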
Description (English)
FontForge is an open-source, multilingual font editing tool from fontforge. FontForge contains a security vulnerability that stems from improper validation of data lengths when parsing SFD files, which may result in a heap buffer overflow and remote code execution.
Hazard Level
Medium
Vulnerability Type
Other
Affected Vendor
fontforge
Published
2025-12-31
Last Modified
2026-02-24
References
https://www.zerodayinitiative.com/advisories/ZDI-25-1190/