CVE-2025-15269

EUVD-2025-205898
FontForge SFD File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists within the parsing of SFD files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-28564.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 37%
Debian logo
Debian Releases
Debian Product
Codename
fontforge
bookworm
vulnerable
bookworm (security)
vulnerable
bullseye
vulnerable
bullseye (security)
vulnerable
forky
vulnerable
sid
vulnerable
trixie
vulnerable
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
fontforge
RHEL 9
0:20201107-7.el9_7
fixed
Amazon Linux logo
Amazon Linux Releases
Amazon Package
Release
fontforge
Amazon Linux 2
0:20120731b-13.amzn2.0.4
fixed
Amazon Linux 2023
0:20201107-3.amzn2023.0.5
fixed
fontforge-debuginfo
Amazon Linux 2
0:20120731b-13.amzn2.0.4
fixed
Amazon Linux 2023
0:20201107-3.amzn2023.0.5
fixed
fontforge-debugsource
Amazon Linux 2023
0:20201107-3.amzn2023.0.5
fixed
fontforge-devel
Amazon Linux 2
0:20120731b-13.amzn2.0.4
fixed
Amazon Linux 2023
0:20201107-3.amzn2023.0.5
fixed
fontforge-doc
Amazon Linux 2023
0:20201107-3.amzn2023.0.5
fixed