Source: fontforge
Version: 1:20230101~dfsg-8
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerabilities were published for fontforge.

CVE-2025-15269[0]:
| FontForge SFD File Parsing Use-After-Free Remote Code Execution
| Vulnerability. This vulnerability allows remote attackers to execute
| arbitrary code on affected installations of FontForge. User
| interaction is required to exploit this vulnerability in that the
| target must visit a malicious page or open a malicious file. The
| specific flaw exists within the parsing of SFD files. The issue
| results from the lack of validating the existence of an object prior
| to performing operations on the object. An attacker can leverage
| this vulnerability to execute code in the context of the current
| user. Was ZDI-CAN-28564.

CVE-2025-15270[1]:
| FontForge SFD File Parsing Improper Validation of Array Index Remote
| Code Execution Vulnerability. This vulnerability allows remote
| attackers to execute arbitrary code on affected installations of
| FontForge. User interaction is required to exploit this
| vulnerability in that the target must visit a malicious page or open
| a malicious file. The specific flaw exists within the parsing of
| SFD files. The issue results from the lack of proper validation of
| user-supplied data, which can result in a write past the end of an
| allocated array. An attacker can leverage this vulnerability to
| execute code in the context of the current user. Was ZDI-CAN-28563.

CVE-2025-15271[2]:
| FontForge SFD File Parsing Improper Validation of Array Index Remote
| Code Execution Vulnerability. This vulnerability allows remote
| attackers to execute arbitrary code on affected installations of
| FontForge. User interaction is required to exploit this
| vulnerability in that the target must visit a malicious page or open
| a malicious file. The specific flaw exists within the parsing of
| SFD files. The issue results from the lack of proper validation of
| user-supplied data, which can result in a write past the end of an
| allocated array. An attacker can leverage this vulnerability to
| execute code in the context of the current user. Was ZDI-CAN-28562.

CVE-2025-15272[3]:
| FontForge SFD File Parsing Heap-based Buffer Overflow Remote Code
| Execution Vulnerability. This vulnerability allows remote attackers
| to execute arbitrary code on affected installations of FontForge.
| User interaction is required to exploit this vulnerability in that
| the target must visit a malicious page or open a malicious file.
| The specific flaw exists within the parsing of SFD files. The issue
| results from the lack of proper validation of the length of
| user-supplied data prior to copying it to a heap-based buffer. An
| attacker can leverage this vulnerability to execute code in the
| context of the current user. Was ZDI-CAN-28547.

CVE-2025-15273[4]:
| FontForge PFB File Parsing Stack-based Buffer Overflow Remote Code
| Execution Vulnerability. This vulnerability allows remote attackers
| to execute arbitrary code on affected installations of FontForge.
| User interaction is required to exploit this vulnerability in that
| the target must visit a malicious page or open a malicious file.
| The specific flaw exists within the parsing of PFB files. The issue
| results from the lack of proper validation of the length of
| user-supplied data prior to copying it to a fixed-length stack-based
| buffer. An attacker can leverage this vulnerability to execute code
| in the context of the current user. Was ZDI-CAN-28546.

CVE-2025-15274[5]:
| FontForge SFD File Parsing Heap-based Buffer Overflow Remote Code
| Execution Vulnerability. This vulnerability allows remote attackers
| to execute arbitrary code on affected installations of FontForge.
| User interaction is required to exploit this vulnerability in that
| the target must visit a malicious page or open a malicious file.
| The specific flaw exists within the parsing of SFD files. The issue
| results from the lack of proper validation of the length of
| user-supplied data prior to copying it to a heap-based buffer. An
| attacker can leverage this vulnerability to execute code in the
| context of the current user. Was ZDI-CAN-28544.

CVE-2025-15275[6]:
| FontForge SFD File Parsing Heap-based Buffer Overflow Remote Code
| Execution Vulnerability. This vulnerability allows remote attackers
| to execute arbitrary code on affected installations of FontForge.
| User interaction is required to exploit this vulnerability in that
| the target must visit a malicious page or open a malicious file.
| The specific flaw exists within the parsing of SFD files. The issue
| results from the lack of proper validation of the length of
| user-supplied data prior to copying it to a heap-based buffer. An
| attacker can leverage this vulnerability to execute code in the
| context of the current user. Was ZDI-CAN-28543.

CVE-2025-15276[7]:
| FontForge SFD File Parsing Deserialization of Untrusted Data Remote
| Code Execution Vulnerability. This vulnerability allows remote
| attackers to execute arbitrary code on affected installations of
| FontForge. User interaction is required to exploit this
| vulnerability in that the target must visit a malicious page or open
| a malicious file. The specific flaw exists within the parsing of
| SFD files. The issue results from the lack of proper validation of
| user-supplied data, which can result in deserialization of untrusted
| data. An attacker can leverage this vulnerability to execute code in
| the context of the current process. Was ZDI-CAN-28198.

CVE-2025-15277[8]:
| FontForge GUtils SGI File Parsing Heap-based Buffer Overflow Remote
| Code Execution Vulnerability. This vulnerability allows remote
| attackers to execute arbitrary code on affected installations of
| FontForge. User interaction is required to exploit this
| vulnerability in that the target must visit a malicious page or open
| a malicious file. The specific flaw exists within the parsing of
| scanlines within SGI files. The issue results from the lack of
| proper validation of the length of user-supplied data prior to
| copying it to a heap-based buffer. An attacker can leverage this
| vulnerability to execute code in the context of the current process.
| Was ZDI-CAN-27920.

CVE-2025-15278[9]:
| FontForge GUtils XBM File Parsing Integer Overflow Remote Code
| Execution Vulnerability. This vulnerability allows remote attackers
| to execute arbitrary code on affected installations of FontForge.
| User interaction is required to exploit this vulnerability in that
| the target must visit a malicious page or open a malicious file.
| The specific flaw exists within the parsing of pixels within XBM
| files. The issue results from the lack of proper validation of
| user-supplied data, which can result in an integer overflow before
| allocating a buffer. An attacker can leverage this vulnerability to
| execute code in the context of the current process. Was
| ZDI-CAN-27865.

CVE-2025-15279[10]:
| FontForge GUtils BMP File Parsing Heap-based Buffer Overflow Remote
| Code Execution Vulnerability. This vulnerability allows remote
| attackers to execute arbitrary code on affected installations of
| FontForge. User interaction is required to exploit this
| vulnerability in that the target must visit a malicious page or open
| a malicious file. The specific flaw exists within the parsing of
| pixels within BMP files. The issue results from the lack of proper
| validation of the length of user-supplied data prior to copying it
| to a heap-based buffer. An attacker can leverage this vulnerability
| to execute code in the context of the current user. Was
| ZDI-CAN-27517.

CVE-2025-15280[11]:
| FontForge SFD File Parsing Use-After-Free Remote Code Execution
| Vulnerability. This vulnerability allows remote attackers to execute
| arbitrary code on affected installations of FontForge. User
| interaction is required to exploit this vulnerability in that the
| target must visit a malicious page or open a malicious file. The
| specific flaw exists within the parsing of SFD files. The issue
| results from the lack of validating the existence of an object prior
| to performing operations on the object. An attacker can leverage
| this vulnerability to execute code in the context of the current
| user. Was ZDI-CAN-28525.

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-15269
    https://www.cve.org/CVERecord?id=CVE-2025-15269
[1] https://security-tracker.debian.org/tracker/CVE-2025-15270
    https://www.cve.org/CVERecord?id=CVE-2025-15270
[2] https://security-tracker.debian.org/tracker/CVE-2025-15271
    https://www.cve.org/CVERecord?id=CVE-2025-15271
[3] https://security-tracker.debian.org/tracker/CVE-2025-15272
    https://www.cve.org/CVERecord?id=CVE-2025-15272
[4] https://security-tracker.debian.org/tracker/CVE-2025-15273
    https://www.cve.org/CVERecord?id=CVE-2025-15273
[5] https://security-tracker.debian.org/tracker/CVE-2025-15274
    https://www.cve.org/CVERecord?id=CVE-2025-15274
[6] https://security-tracker.debian.org/tracker/CVE-2025-15275
    https://www.cve.org/CVERecord?id=CVE-2025-15275
[7] https://security-tracker.debian.org/tracker/CVE-2025-15276
    https://www.cve.org/CVERecord?id=CVE-2025-15276
[8] https://security-tracker.debian.org/tracker/CVE-2025-15277
    https://www.cve.org/CVERecord?id=CVE-2025-15277
[9] https://security-tracker.debian.org/tracker/CVE-2025-15278
    https://www.cve.org/CVERecord?id=CVE-2025-15278
[10] https://security-tracker.debian.org/tracker/CVE-2025-15279
    https://www.cve.org/CVERecord?id=CVE-2025-15279
[11] https://security-tracker.debian.org/tracker/CVE-2025-15280
    https://www.cve.org/CVERecord?id=CVE-2025-15280

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
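The two bug classes that the advisories above describe most concretely are an integer overflow before a buffer allocation (the XBM pixel parsing entry, CVE-2025-15278) and a file-supplied length copied into a fixed-length stack buffer without validation (the PFB entry, CVE-2025-15273). The following is an added illustration of those two patterns, written for this bug report and not taken from FontForge: it does not reproduce the actual flaws, and the header struct, size limit, buffer capacity and sample bytes are constructed for the example. Only the PFB segment header layout (0x80 marker, one type byte, 32-bit little-endian length) follows the published format.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* ---- 1. Integer overflow before allocating a pixel buffer ---------------- */

/* Hypothetical bitmap header: the fields an XBM/BMP/SGI reader takes from
 * the file. Not FontForge's structure. */
struct img_header { uint32_t width, height, bytes_per_pixel; };

/* Before: the product is computed in 32-bit arithmetic. A 65536x65536 image at
 * one byte per pixel wraps to 0, so a later malloc() hands back a tiny buffer
 * that the pixel loop (which trusts width and height) then overruns. */
uint32_t pixel_bytes_unchecked(const struct img_header *h)
{
    return h->width * h->height * h->bytes_per_pixel;
}

/* After: widen, bound each multiplication, and impose a policy limit so a
 * hostile header cannot force a huge allocation either.
 * Returns 1 and sets *out on success, 0 on overflow or an out-of-range field. */
int pixel_bytes_checked(const struct img_header *h, size_t max_bytes, size_t *out)
{
    if (h->width == 0 || h->height == 0) return 0;
    if (h->bytes_per_pixel == 0 || h->bytes_per_pixel > 4) return 0;
    uint64_t area = (uint64_t)h->width * (uint64_t)h->height; /* fits in u64 */
    if (area > (uint64_t)max_bytes / h->bytes_per_pixel) return 0; /* bounds 2nd multiply */
    *out = (size_t)(area * h->bytes_per_pixel);
    return 1;
}

/* ---- 2. File-supplied length copied into a fixed-size buffer ------------- */

#define PFB_SEGMENT_HDR 6   /* 0x80, type (1=ASCII, 2=binary, 3=EOF), u32 LE length */
#define SEG_CAP 64          /* constructed destination capacity for the demo */

/* Reads one PFB segment into a caller-owned fixed buffer.
 * Returns the number of bytes copied, or -1 for a malformed, truncated or
 * oversized segment. The vulnerable form of this routine is the same code
 * with the two length checks removed. */
long pfb_read_segment(const uint8_t *in, size_t in_len,
                      uint8_t *dst, size_t dst_cap, int *type)
{
    if (in_len < PFB_SEGMENT_HDR || in[0] != 0x80) return -1;
    *type = in[1];
    if (*type != 1 && *type != 2 && *type != 3) return -1;
    uint32_t len = (uint32_t)in[2] | ((uint32_t)in[3] << 8) |
                   ((uint32_t)in[4] << 16) | ((uint32_t)in[5] << 24);
    if (*type == 3) return 0;
    /* Both checks are needed: the length must fit what the file actually
     * contains (no over-read of the input) and what the destination can
     * hold (no over-write of the stack buffer). */
    if (len > in_len - PFB_SEGMENT_HDR) return -1;
    if (len > dst_cap) return -1;
    memcpy(dst, in + PFB_SEGMENT_HDR, len);
    return (long)len;
}

/* Constructed sample segments (not taken from any real font). */
static const uint8_t good_seg[] = {0x80, 0x01, 0x05, 0x00, 0x00, 0x00, 'h','e','l','l','o'};
/* Header claims 0x10000 bytes but only 5 follow; an unchecked memcpy of len
 * would over-read the input and smash any fixed-size destination. */
static const uint8_t lying_seg[] = {0x80, 0x02, 0x00, 0x00, 0x01, 0x00, 'h','e','l','l','o'};

/* Small drivers with fixed inputs so the outcomes can be checked by name. */
uint32_t demo_unchecked_wraps(void)
{
    struct img_header h = {65536, 65536, 1};
    return pixel_bytes_unchecked(&h);            /* wraps to 0 */
}
int demo_checked_rejects(void)
{
    struct img_header h = {65536, 65536, 1};
    size_t n = 0;
    return pixel_bytes_checked(&h, 256u << 20, &n); /* 0: rejected */
}
size_t demo_checked_size(void)
{
    struct img_header h = {640, 480, 4};
    size_t n = 0;
    return pixel_bytes_checked(&h, 256u << 20, &n) ? n : 0; /* 1228800 */
}
int demo_pfb(void)
{
    uint8_t buf[SEG_CAP]; int t = 0;
    long n1 = pfb_read_segment(good_seg, sizeof good_seg, buf, sizeof buf, &t);
    long n2 = pfb_read_segment(lying_seg, sizeof lying_seg, buf, sizeof buf, &t);
    return n1 == 5 && n2 == -1;
}

int main(void)
{
    printf("unchecked size: %u\n", (unsigned)demo_unchecked_wraps());
    printf("checked rejects: %d, checked size: %zu\n", !demo_checked_rejects(), demo_checked_size());
    printf("pfb demo ok: %d\n", demo_pfb());
    return 0;
}
```

The allocation-size check caps the product against a policy limit rather than just SIZE_MAX, which is the cheaper way to stop both the wrap and the denial-of-service that a genuine 4 GiB request would cause; the segment reader illustrates that a length field needs to be compared against two different bounds, the remaining input and the destination capacity, and that skipping either one gives an over-read or an over-write respectively.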

