CNNVD-202512-5679 Information
Dec 31, 2025
cve
CNNVD ID
CNNVD-202512-5679
Related CVE
- CNNVD Published: 2025-12-31
Description (Chinese)
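FontForge is an open-source font editing tool from the fontforge project that supports multiple languages. FontForge contains a security vulnerability that stems from improper validation of data length when parsing PFB files, which may lead to a stack buffer overflow and remote code execution.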
Description (English)
FontForge is an open-source, multi-language font editing tool from the fontforge project. FontForge has a security vulnerability caused by improper validation of data length when parsing PFB files, which could lead to a stack buffer overflow and remote code execution.
Hazard Level
Medium
Vulnerability Type
Other
Affected Vendor
fontforge
Published
2025-12-31
Last Modified
2026-02-24
References
https://www.zerodayinitiative.com/advisories/ZDI-25-1191/