CNNVD-202512-5682 Information
Dec 31, 2025
cve
CNNVD ID
CNNVD-202512-5682
Related CVE
- CNNVD Published: 2025-12-31
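Description (translated from Chinese)
FontForge is an open-source font editing tool from the fontforge project that supports multiple languages. FontForge has an input validation error vulnerability, which stems from improper validation of an array index when parsing SFD files and may lead to an out-of-bounds write and remote code execution.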
Description (English)
FontForge is an open-source font editing tool with multi-language support, developed by the fontforge project. FontForge contains an input validation vulnerability: an array index is not properly validated when parsing SFD files, which may result in an out-of-bounds write and remote code execution.
Hazard Level
Medium
Vulnerability Type
Input validation error
Affected Vendor
fontforge
Published
2025-12-31
Last Modified
2026-02-24
References
https://www.zerodayinitiative.com/advisories/ZDI-25-1194/