CVE-2025-15280

Name of the Vulnerable Software and Affected Versions FontForge (affected versions not specified)

Description This issue is a use-after-free remote code execution flaw in FontForge, specifically within the parsing of SFD files. Successful exploitation allows remote attackers to execute arbitrary code on affected systems. User interaction is required, as an attacker must trick a user into visiting a malicious page or opening a malicious file. The flaw stems from a lack of validation to confirm the existence of an object before operations are performed on it, enabling an attacker to execute code with the privileges of the current user.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.