CVE-2025-15270

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions FontForge (affected versions not specified)

Description A flaw exists in FontForge related to the parsing of SFD files. Insufficient validation of user-supplied data can lead to a write past the end of an allocated array, potentially allowing a remote attacker to execute arbitrary code in the context of the current user. User interaction is required, such as visiting a malicious page or opening a malicious file, to trigger this issue.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

DoS

Improper Validation of Array Index

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-129

Related Identifiers

ALSA-2026:6628

ALSA-2026:6631

ALSA-2026:7677

CVE-2025-15270

MGASA-2026-0034

OPENSUSE-SU-2026:10513-1

OPENSUSE-SU-2026:20608-1

RHSA-2026:6628

RHSA-2026:6631

RHSA-2026:6635

RHSA-2026:7001

RHSA-2026:7677

RHSA-2026:8875

SUSE-SU-2026:1636-1

SUSE-SU-2026:21375-1

ZDI-25-1194

Affected Products

Debian

Fontforge

Rocky Linux

CVE-2025-15270

Weakness Enumeration

Related Identifiers

Affected Products

References · 43