Debian Fontforge vulnerabilities

32 known vulnerabilities affecting debian/fontforge.

Total CVEs: 32
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: HIGH 21, MEDIUM 4, LOW 7

Vulnerabilities

Page 1 of 2
CVE-2025-15278 | HIGH | CVSS 7.8 | 2025 | package: fontforge | source: debian
FontForge GUtils XBM File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the p [description truncated in source]

CVE-2025-15270 | HIGH | CVSS 8.8 | 2025 | package: fontforge | source: debian
FontForge SFD File Parsing Improper Validation of Array Index Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists w [description truncated in source]

CVE-2025-15273 | HIGH | CVSS 8.8 | 2025 | package: fontforge | source: debian
FontForge PFB File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within t [description truncated in source]

CVE-2025-15269 | HIGH | CVSS 8.8 | 2025 | package: fontforge | source: debian
FontForge SFD File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of [description truncated in source]
CVE-2025-15274 | HIGH | CVSS 8.8 | 2025 | package: fontforge | source: debian
FontForge SFD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within th [description truncated in source]

CVE-2025-15277 | HIGH | CVSS 7.8 | 2025 | package: fontforge | source: debian
FontForge GUtils SGI File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists wi [description truncated in source]

CVE-2025-15271 | HIGH | CVSS 8.8 | 2025 | package: fontforge | source: debian
FontForge SFD File Parsing Improper Validation of Array Index Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists w [description truncated in source]

CVE-2025-15272 | HIGH | CVSS 8.8 | 2025 | package: fontforge | source: debian
FontForge SFD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within th [description truncated in source]
CVE-2025-15276 | HIGH | CVSS 7.8 | 2025 | package: fontforge | source: debian
FontForge SFD File Parsing Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists wi [description truncated in source]

CVE-2025-15275 | HIGH | CVSS 8.8 | 2025 | package: fontforge | source: debian
FontForge SFD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within th [description truncated in source]

CVE-2025-15280 | HIGH | CVSS 8.8 | 2025 | package: fontforge | source: debian
FontForge SFD File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of [description truncated in source]

CVE-2025-15279 | HIGH | CVSS 7.8 | 2025 | package: fontforge | source: debian
FontForge GUtils BMP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists wi [description truncated in source]
CVE-2025-50951 | listed LOW, entry label MEDIUM | CVSS 6.5 | 2025 | package: fontforge | source: debian
FontForge v20230101 was discovered to contain a memory leak via the utf7toutf8_copy function at /fontforge/sfd.c.
Scope: local. Status: bookworm: open; bullseye: open; forky: open; sid: open; trixie: open.

CVE-2025-50949 | listed LOW, entry label MEDIUM | CVSS 6.5 | 2025 | package: fontforge | source: debian
FontForge v20230101 was discovered to contain a memory leak via the component DlgCreate8.
Scope: local. Status: bookworm: open; bullseye: open; forky: open; sid: open; trixie: open.

CVE-2024-25081 | MEDIUM | CVSS 4.2 | 2024 | fixed in fontforge 1:20230101~dfsg-1.1~deb12u1 (bookworm) | package: fontforge | source: debian
Splinefont in FontForge through 20230101 allows command injection via crafted filenames.
Scope: local. Status: bookworm: resolved (fixed in 1:20230101~dfsg-1.1~deb12u1); bullseye: resolved (fixed in 1:20201107~dfsg-4+deb11u1); forky: resolved (fixed in 1:20230101~dfsg-1.1); sid: resolved (fixed in 1:20230101~dfsg-1.1); trixie: resolved (fixed in 1:20230101~dfsg-1.1).

CVE-2024-25082 | MEDIUM | CVSS 6.5 | 2024 | fixed in fontforge 1:20230101~dfsg-1.1~deb12u1 (bookworm) | package: fontforge | source: debian
Splinefont in FontForge through 20230101 allows command injection via crafted archives or compressed files.
Scope: local. Status: bookworm: resolved (fixed in 1:20230101~dfsg-1.1~deb12u1); bullseye: resolved (fixed in 1:20201107~dfsg-4+deb11u1); forky: resolved (fixed in 1:20230101~dfsg-1.1); sid: resolved (fixed in 1:20230101~dfsg-1.1); trixie: resolved (fixed in 1:20230101 [version truncated in source].
CVE-2020-5496 | HIGH | CVSS 8.8 | 2020 | fixed in fontforge 1:20201107~dfsg-1 (bookworm) | package: fontforge | source: debian
FontForge 20190801 has a heap-based buffer overflow in the Type2NotDefSplines() function in splinesave.c.
Scope: local. Status: bookworm: resolved (fixed in 1:20201107~dfsg-1); bullseye: resolved (fixed in 1:20201107~dfsg-1); forky: resolved (fixed in 1:20201107~dfsg-1); sid: resolved (fixed in 1:20201107~dfsg-1); trixie: resolved (fixed in 1:20201107~dfsg-1).

CVE-2020-5395 | HIGH | CVSS 8.8 | 2020 | fixed in fontforge 1:20201107~dfsg-1 (bookworm) | package: fontforge | source: debian
FontForge 20190801 has a use-after-free in SFD_GetFontMetaData in sfd.c.
Scope: local. Status: bookworm: resolved (fixed in 1:20201107~dfsg-1); bullseye: resolved (fixed in 1:20201107~dfsg-1); forky: resolved (fixed in 1:20201107~dfsg-1); sid: resolved (fixed in 1:20201107~dfsg-1); trixie: resolved (fixed in 1:20201107~dfsg-1).

CVE-2020-25690 | listed LOW, entry label HIGH | CVSS 8.8 | 2020 | package: fontforge | source: debian
An out-of-bounds write flaw was found in FontForge in versions before 20200314 while parsing SFD files containing certain LayerCount tokens. This flaw allows an attacker to manipulate the memory allocated on the heap, causing the application to crash or execute arbitrary code. The highest threat from this vulnerability is to confidentiality, integrity, as well as [description truncated in source]

CVE-2019-15785 | listed LOW, entry label CRITICAL | CVSS 9.8 | 2019 | package: fontforge | source: debian
FontForge 20190813 through 20190820 has a buffer overflow in PrefsUI_LoadPrefs in prefs.c.
Scope: local. Status: bookworm: resolved; bullseye: resolved; forky: resolved; sid: resolved; trixie: resolved.