CNNVD-202512-5684 Information
Dec 31, 2025
CNNVD ID
CNNVD-202512-5684
Related CVE
- CNNVD Published: 2025-12-31
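Description (Chinese, translated)
FontForge is an open-source font editing tool, released by fontforge, that supports multiple languages. FontForge has a resource management error vulnerability, which stems from not verifying that an object exists when parsing SFD files, and may lead to use-after-free and remote code execution.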
Description (English)
FontForge is an open-source, multilingual font editing tool from the fontforge project. FontForge contains a resource management error vulnerability: when parsing an SFD file it does not verify that an object exists, which can lead to a use-after-free and remote code execution.
Hazard Level
Medium
Vulnerability Type
Resource management error
Affected Vendor
fontforge
Published
2025-12-31
Last Modified
2026-02-24
References
https://www.zerodayinitiative.com/advisories/ZDI-25-1195/