PT-2025-53816 · Fontforge+2

Published 2025-01-01 · Updated 2026-04-13 · CVE-2025-15269

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: FontForge (affected versions not specified)

Description: FontForge fails to validate input properly when parsing SFD (Spline Font Database) files. A crafted file can trigger a use-after-free: the parser performs operations on an object without first verifying that the object still exists, so memory that has already been released is accessed. A remote attacker can use this to execute arbitrary code in the context of the current user. User interaction is required; the victim must open the malicious SFD file or visit a page that delivers it.

Recommendations: At the moment, there is no information about a newer upstream FontForge version that contains a fix for this vulnerability. Note, however, that the Related Identifiers below include distribution security advisories (Red Hat, AlmaLinux, SUSE/openSUSE, Mageia), which indicates that those distributions ship patched packages; users of those distributions should apply the updates referenced in the corresponding advisory and, until then, avoid opening SFD files from untrusted sources.
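To make the weakness class concrete, the following is an illustrative example added to this entry. It is not FontForge source and does not reproduce the actual CVE-2025-15269 bug; it models a toy SFD-style record parser (hypothetical `StartChar`/`Width`/`EndChar` handling with invented `Glyph` and `ParseState` types) and shows the use-after-free pattern the description names, i.e. operating on an object without checking that it still exists, next to a hardened handler that clears the dangling reference and rejects lines that refer to a missing object. The sample input is constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Toy record being built up while reading an SFD-like file (hypothetical). */
typedef struct {
    char name[32];
    int width;
} Glyph;

typedef struct {
    Glyph *cur;       /* glyph record currently being filled in, or NULL */
    int glyphs_done;  /* completed StartChar ... EndChar records */
    int errors;       /* lines rejected because they refer to no live object */
} ParseState;

/* VULNERABLE PATTERN (never called by the driver below): on "EndChar" the
 * record is freed but st->cur keeps pointing at the freed block, and "Width:"
 * dereferences st->cur without checking that a record exists. A file with
 * "Width:" after "EndChar" therefore writes into freed memory (CWE-416). */
int handle_line_vulnerable(ParseState *st, const char *line) {
    if (strncmp(line, "StartChar: ", 11) == 0) {
        st->cur = calloc(1, sizeof *st->cur);
        if (!st->cur) return -1;
        snprintf(st->cur->name, sizeof st->cur->name, "%s", line + 11);
    } else if (strncmp(line, "Width: ", 7) == 0) {
        st->cur->width = atoi(line + 7);   /* no existence check */
    } else if (strcmp(line, "EndChar") == 0) {
        st->glyphs_done++;
        free(st->cur);                     /* freed, but pointer left dangling */
    }
    return 0;                              /* unknown keys are ignored */
}

/* HARDENED: every use of st->cur is preceded by an existence check, and the
 * pointer is cleared immediately after free so a stale reference cannot be
 * reused by a later line. */
int handle_line_hardened(ParseState *st, const char *line) {
    if (strncmp(line, "StartChar: ", 11) == 0) {
        if (st->cur) {                     /* nested StartChar: drop the old record */
            free(st->cur);
            st->cur = NULL;
            st->errors++;
        }
        st->cur = calloc(1, sizeof *st->cur);
        if (!st->cur) return -1;
        snprintf(st->cur->name, sizeof st->cur->name, "%s", line + 11);
    } else if (strncmp(line, "Width: ", 7) == 0) {
        if (!st->cur) { st->errors++; return 0; }   /* refers to no live object */
        st->cur->width = atoi(line + 7);
    } else if (strcmp(line, "EndChar") == 0) {
        if (!st->cur) { st->errors++; return 0; }
        st->glyphs_done++;
        free(st->cur);
        st->cur = NULL;                    /* clear the dangling reference */
    }
    return 0;
}

/* Feed an in-memory SFD-like document through the hardened handler.
 * Returns the number of completed records, or -1 on allocation failure;
 * *errors_out receives the number of rejected lines. */
int parse_sfd_hardened(const char *text, int *errors_out) {
    ParseState st = {0};
    size_t n = strlen(text);
    char *buf = malloc(n + 1);
    if (!buf) return -1;
    memcpy(buf, text, n + 1);
    for (char *line = strtok(buf, "\n"); line; line = strtok(NULL, "\n")) {
        if (handle_line_hardened(&st, line) < 0) {
            free(st.cur);
            free(buf);
            return -1;
        }
    }
    if (st.cur) { st.errors++; free(st.cur); st.cur = NULL; } /* unterminated record at EOF */
    free(buf);
    if (errors_out) *errors_out = st.errors;
    return st.glyphs_done;
}

/* Constructed malformed input: the second "Width:" follows "EndChar", so the
 * record it refers to no longer exists. The vulnerable handler would write to
 * freed memory here; the hardened handler counts one rejected line. */
static const char SAMPLE_SFD[] =
    "SplineFontDB: 3.0\n"
    "StartChar: A\n"
    "Width: 600\n"
    "EndChar\n"
    "Width: 700\n"
    "StartChar: B\n"
    "EndChar\n";

int main(void) {
    int errors = 0;
    int done = parse_sfd_hardened(SAMPLE_SFD, &errors);
    printf("records=%d rejected_lines=%d\n", done, errors);
    return (done == 2 && errors == 1) ? 0 : 1;
}
```

The fix is the usual two-part discipline for owner pointers in a line-oriented parser: null the pointer at the single place the object is released, and treat "no current object" as an input error at every site that would otherwise dereference it, rather than assuming the file is well-formed. Building FontForge or any C parser with `-fsanitize=address` during fuzzing turns the vulnerable variant of this pattern into an immediate, diagnosable crash instead of silent memory corruption.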

RCE · Use After Free

Weakness Enumeration

Related Identifiers

ALSA-2026:2039
ALSA-2026:2230
ALSA-2026:7677
CVE-2025-15269
MGASA-2026-0034
OPENSUSE-SU-2026:10122-1
OPENSUSE-SU-2026:20235-1
RHSA-2026:2039
RHSA-2026:2213
RHSA-2026:2230
RHSA-2026:2232
RHSA-2026:2566
RHSA-2026:7677
RHSA-2026:8937
SUSE-SU-2026:20435-1
ZDI-25-1195

Affected Products

Debian
Fontforge
Rocky Linux