VYPR

rpm package

opensuse/fontforge&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/fontforge&distro=openSUSE%20Tumbleweed

Vulnerabilities (7)

  • CVE-2025-15279 (Dec 31, 2025)
    affected < 20251009-4.1; fixed 20251009-4.1

    FontForge GUtils BMP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the ta

  • CVE-2025-15275 (Dec 31, 2025)
    affected < 20251009-4.1; fixed 20251009-4.1

    FontForge SFD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target mu

  • CVE-2025-15270 (Dec 31, 2025)
    affected < 20251009-6.1; fixed 20251009-6.1

    FontForge SFD File Parsing Improper Validation of Array Index Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the t

  • CVE-2025-15269 (Dec 31, 2025)
    affected < 20251009-4.1; fixed 20251009-4.1

    FontForge SFD File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a m

  • CVE-2025-50949 (Oct 23, 2025)
    affected < 20251009-2.1; fixed 20251009-2.1

    FontForge v20230101 was discovered to contain a memory leak via the component DlgCreate8.

  • CVE-2020-5395 (Jan 3, 2020)
    affected < 20201107-1.6; fixed 20201107-1.6

    FontForge 20190801 has a use-after-free in SFD_GetFontMetaData in sfd.c.

  • CVE-2017-17521 (High, Dec 14, 2017)
    affected < 20230101-6.1; fixed 20230101-6.1

    uiutil.c in FontForge through 20170731 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, a different vulnerability than CVE-2017-17534.