rpm package
opensuse/fontforge&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/fontforge&distro=openSUSE%20Tumbleweed
Vulnerabilities (7)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-15279 | — | | | < 20251009-4.1 | 20251009-4.1 | Dec 31, 2025 | FontForge GUtils BMP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the ta |
| CVE-2025-15275 | — | | | < 20251009-4.1 | 20251009-4.1 | Dec 31, 2025 | FontForge SFD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target mu |
| CVE-2025-15270 | — | | | < 20251009-6.1 | 20251009-6.1 | Dec 31, 2025 | FontForge SFD File Parsing Improper Validation of Array Index Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the t |
| CVE-2025-15269 | — | | | < 20251009-4.1 | 20251009-4.1 | Dec 31, 2025 | FontForge SFD File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a m |
| CVE-2025-50949 | — | | | < 20251009-2.1 | 20251009-2.1 | Oct 23, 2025 | FontForge v20230101 was discovered to contain a memory leak via the component DlgCreate8. |
| CVE-2020-5395 | — | | | < 20201107-1.6 | 20201107-1.6 | Jan 3, 2020 | FontForge 20190801 has a use-after-free in SFD_GetFontMetaData in sfd.c. |
| CVE-2017-17521 | Hig | 8.8 | | < 20230101-6.1 | 20230101-6.1 | Dec 14, 2017 | uiutil.c in FontForge through 20170731 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, a different vulnerability than CVE-2017-17534. |