Pkvanca

**Name of the Vulnerable Software and Affected Versions** FontForge versions through 20230101 **Description** The issue exists due to the lack of neutralization of special elements in the software. This can allow an attacker to execute arbitrary commands via crafted filenames. The estimated number of potentially affected devices worldwide is not specified. Details about real-world incidents where this issue was exploited are not provided. **Recommendations** For versions through 20230101, consider disabling the ability to process crafted filenames as a temporary workaround until a patch is available. Restrict access to the Splinefont feature in FontForge to minimize the risk of exploitation. Avoid using the Splinefont feature with untrusted input until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** FontForge versions through 20230101 **Description** The issue allows command injection via crafted archives or compressed files. This is due to the lack of measures to neutralize special elements, which can enable an attacker to execute arbitrary commands. **Recommendations** For versions through 20230101, consider disabling the handling of crafted archives or compressed files as a temporary workaround until a patch is available. Restrict access to the Splinefont feature in FontForge to minimize the risk of exploitation. Avoid using the software with untrusted input until the issue is resolved.