Product
fontforge
32 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2025-15280
all versions
FontForge SFD File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execu
8.8
HIGH
CVE-2025-15279
all versions
FontForge GUtils BMP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote
7.8
HIGH
CVE-2025-15278
all versions
FontForge GUtils XBM File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers
7.8
HIGH
CVE-2025-15277
all versions
FontForge GUtils SGI File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote
7.8
HIGH
CVE-2025-15276
all versions
FontForge SFD File Parsing Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote
7.8
HIGH
CVE-2025-15275
all versions
FontForge SFD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attack
8.8
HIGH
CVE-2025-15274
all versions
FontForge SFD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attack
8.8
HIGH
CVE-2025-15273
all versions
FontForge PFB File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attac
8.8
HIGH
CVE-2025-15272
all versions
FontForge SFD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attack
8.8
HIGH
CVE-2025-15271
all versions
FontForge SFD File Parsing Improper Validation of Array Index Remote Code Execution Vulnerability. This vulnerability allows remot
8.8
HIGH
CVE-2025-15270
all versions
FontForge SFD File Parsing Improper Validation of Array Index Remote Code Execution Vulnerability. This vulnerability allows remot
8.8
HIGH
CVE-2025-15269
all versions
FontForge SFD File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execu
8.8
HIGH
CVE-2025-50951
all versions
FontForge v20230101 was discovered to contain a memory leak via the utf7toutf8_copy function at /fontforge/sfd.c.
6.5
MEDIUM
CVE-2025-50949
all versions
FontForge v20230101 was discovered to contain a memory leak via the component DlgCreate8.
6.5
MEDIUM
CVE-2024-25082
<= 20230101
Splinefont in FontForge through 20230101 allows command injection via crafted archives or compressed files.
6.5
MEDIUM
CVE-2024-25081
<= 20230101
Splinefont in FontForge through 20230101 allows command injection via crafted filenames.
4.2
MEDIUM
CVE-2020-25690
< 20200314
An out-of-bounds write flaw was found in FontForge in versions before 20200314 while parsing SFD files containing certain LayerCou
8.8
HIGH
CVE-2020-5496
all versions
FontForge 20190801 has a heap-based buffer overflow in the Type2NotDefSplines() function in splinesave.c.
8.8
HIGH
CVE-2020-5395
all versions
FontForge 20190801 has a use-after-free in SFD_GetFontMetaData in sfd.c.
8.8
HIGH
CVE-2019-15785
<= 20190801
FontForge 20190813 through 20190820 has a buffer overflow in PrefsUI_LoadPrefs in prefs.c.
9.8
CRITICAL
CVE-2017-17521
<= 20170731
uiutil.c in FontForge through 20170731 does not validate strings before launching the program specified by the BROWSER environment
8.8
HIGH
CVE-2017-11577
all versions
FontForge 20161012 is vulnerable to a buffer over-read in getsid (parsettf.c) resulting in DoS or code execution via a crafted otf
7.8
HIGH
CVE-2017-11576
all versions
FontForge 20161012 does not ensure a positive size in a weight vector memcpy call in readcfftopdict (parsettf.c) resulting in DoS
5.5
MEDIUM
CVE-2017-11575
all versions
FontForge 20161012 is vulnerable to a buffer over-read in strnmatch (char.c) resulting in DoS or code execution via a crafted otf
7.8
HIGH
CVE-2017-11574
all versions
FontForge 20161012 is vulnerable to a heap-based buffer overflow in readcffset (parsettf.c) resulting in DoS or code execution via
7.8
HIGH
CVE-2017-11573
all versions
FontForge 20161012 is vulnerable to a buffer over-read in ValidatePostScriptFontName (parsettf.c) resulting in DoS or code executi
7.8
HIGH
CVE-2017-11572
all versions
FontForge 20161012 is vulnerable to a heap-based buffer over-read in readcfftopdicts (parsettf.c) resulting in DoS or code executi
7.8
HIGH
CVE-2017-11571
all versions
FontForge 20161012 is vulnerable to a stack-based buffer overflow in addnibble (parsettf.c) resulting in DoS or code execution via
7.8
HIGH
CVE-2017-11570
all versions
FontForge 20161012 is vulnerable to a buffer over-read in umodenc (parsettf.c) resulting in DoS or code execution via a crafted ot
7.8
HIGH
CVE-2017-11569
all versions
FontForge 20161012 is vulnerable to a heap-based buffer over-read in readttfcopyrights (parsettf.c) resulting in DoS or code execu
7.8
HIGH
CVE-2017-11568
all versions
FontForge 20161012 is vulnerable to a heap-based buffer over-read in PSCharStringToSplines (psread.c) resulting in DoS or code exe
7.8
HIGH
CVE-2010-4259
all versions
Stack-based buffer overflow in FontForge 20100501 allows remote attackers to cause a denial of service (application crash) or poss
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin