rpm package
opensuse/fontforge&distro=openSUSE Leap 15.6
pkg:rpm/opensuse/fontforge&distro=openSUSE%20Leap%2015.6
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-50949 | — | | | < 20200314-150200.3.12.1 | 20200314-150200.3.12.1 | Oct 23, 2025 | FontForge v20230101 was discovered to contain a memory leak via the component DlgCreate8. |
| CVE-2017-17521 | High | 8.8 | | < 20200314-150200.3.9.1 | 20200314-150200.3.9.1 | Dec 14, 2017 | uiutil.c in FontForge through 20170731 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, a different vulnerability than CVE-2017-17534. |