Vulnerabilities

CVE-2025-15272 - FontForge SFD File Parsing Heap-based Buffer Overflow Remote Code Execution Vuln...

2025-12-31 0 views admin
CVE-2025-15272 - FontForge SFD File Parsing Heap-based Buffer Overflow Remote Code Execution Vuln...

CVE ID : CVE-2025-15272 Published : Dec. 31, 2025, 7:15 a.m. | 1 hour, 44 minutes ago Description : FontForge SFD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SFD files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-28547. Severity: 8.8 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE Details

Severity
HIGH
Published
Dec. 31, 2025
Impact: Remote Code Execution

Source: Telegram CVE Monitor

🏷️ Tags

cvevulnerabilitysecuritycybersecuritycve-2025-15272high

More from Vulnerabilities

CVE-2025-49358 - WordPress Content Fetcher plugin <= 1.1 - cross site scripting (xss) vulnerability

CVE-2025-49358 - WordPress Content Fetcher plugin <= 1.1 - cross site scripting (xss) vulnerability

2025-12-31 0
CVE-2025-62135 - WordPress Responsive Block Control plugin <= 1.2.9 - cross site scripting (xss) ...

CVE-2025-62135 - WordPress Responsive Block Control plugin <= 1.2.9 - cross site scripting (xss) ...

2025-12-31 0
CVE-2025-62991 - WordPress Minamaze theme <= 1.10.1 - cross site scripting (xss) vulnerability

CVE-2025-62991 - WordPress Minamaze theme <= 1.10.1 - cross site scripting (xss) vulnerability

2025-12-31 0
CVE-2025-62757 - WordPress WebMan Amplifier plugin <= 1.5.12 - cross site scripting (xss) vulnera...

CVE-2025-62757 - WordPress WebMan Amplifier plugin <= 1.5.12 - cross site scripting (xss) vulnera...

2025-12-31 0

Trending

1

CVE-2025-61481: Critical Remote Code Execution Vulnerability in MikroTik RouterOS & SwitchOS

2025-10-27 • 189 views
2

CVE-2025-43939: Dell Unity OS Command Injection (High)

2025-10-30 • 148 views
3

Google disputes false claims of massive Gmail data breach

2025-10-30 • 130 views
4

Microsoft: DNS outage impacts Azure and Microsoft 365 services

2025-10-30 • 88 views
5

3.5B Accounts, 1 Critical Flaw: Meta Closes WhatsApp Data-Harvesting

2025-11-25 • 81 views