CVE-2025-47749

Name of the Vulnerable Software and Affected Versions: V-SFT versions 6.2.5.0 and earlier

Description: The issue is related to the free of pointer not at the start of the buffer in the CWinFontInf::WinFontMsgCheck function, located in the VS6EditData.dll file. This problem can be triggered by opening specially crafted V7 or V8 files, potentially leading to a crash, information disclosure, and arbitrary code execution.

Recommendations: For V-SFT versions 6.2.5.0 and earlier, consider avoiding the use of the CWinFontInf::WinFontMsgCheck function until a patch is available. As a temporary workaround, restrict the opening of V7 and V8 files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.