CVE-2025-15274

Name of the Vulnerable Software and Affected Versions FontForge (affected versions not specified)

Description A flaw exists in FontForge related to the parsing of SFD files. This issue is a heap-based buffer overflow that could allow a remote attacker to execute arbitrary code on affected systems. User interaction is required, specifically the target must open a malicious file or visit a malicious page. The issue stems from insufficient validation of user-supplied data length before copying it into a heap-based buffer. Successful exploitation could allow an attacker to execute code with the privileges of the current user.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.