CVE-2025-15276

Name of the Vulnerable Software and Affected Versions FontForge (affected versions not specified)

Description A flaw exists in FontForge due to insufficient validation of user-supplied data during the parsing of SFD files, leading to deserialization of untrusted data. This can allow a remote attacker to execute arbitrary code on affected installations. User interaction is required, specifically the target must open a malicious file or visit a malicious page. The issue was identified as ZDI-CAN-28198.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.