Vulnerabilities

CVE-2025-15273 - FontForge PFB File Parsing Stack-based Buffer Overflow Remote Code Execution Vul...

2025-12-31 0 views admin
CVE-2025-15273 - FontForge PFB File Parsing Stack-based Buffer Overflow Remote Code Execution Vul...

CVE ID : CVE-2025-15273 Published : Dec. 31, 2025, 7:15 a.m. | 1 hour, 44 minutes ago Description : FontForge PFB File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PFB files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-28546. Severity: 8.8 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE Details

Severity
HIGH
Published
Dec. 31, 2025
Impact: Remote Code Execution

Source: Telegram CVE Monitor

🏷️ Tags

cvevulnerabilitysecuritycybersecuritycve-2025-15273high

More from Vulnerabilities

CVE-2025-49358 - WordPress Content Fetcher plugin <= 1.1 - cross site scripting (xss) vulnerability

CVE-2025-49358 - WordPress Content Fetcher plugin <= 1.1 - cross site scripting (xss) vulnerability

2025-12-31 0
CVE-2025-62135 - WordPress Responsive Block Control plugin <= 1.2.9 - cross site scripting (xss) ...

CVE-2025-62135 - WordPress Responsive Block Control plugin <= 1.2.9 - cross site scripting (xss) ...

2025-12-31 0
CVE-2025-62991 - WordPress Minamaze theme <= 1.10.1 - cross site scripting (xss) vulnerability

CVE-2025-62991 - WordPress Minamaze theme <= 1.10.1 - cross site scripting (xss) vulnerability

2025-12-31 0
CVE-2025-62757 - WordPress WebMan Amplifier plugin <= 1.5.12 - cross site scripting (xss) vulnera...

CVE-2025-62757 - WordPress WebMan Amplifier plugin <= 1.5.12 - cross site scripting (xss) vulnera...

2025-12-31 0

Trending

1

CVE-2025-61481: Critical Remote Code Execution Vulnerability in MikroTik RouterOS & SwitchOS

2025-10-27 • 189 views
2

CVE-2025-43939: Dell Unity OS Command Injection (High)

2025-10-30 • 148 views
3

Google disputes false claims of massive Gmail data breach

2025-10-30 • 130 views
4

Microsoft: DNS outage impacts Azure and Microsoft 365 services

2025-10-30 • 88 views
5

3.5B Accounts, 1 Critical Flaw: Meta Closes WhatsApp Data-Harvesting

2025-11-25 • 81 views