CVE-2025-15269
DOCUMENTATION: A flaw was found in FontForge. This use-after-free vulnerability, occurring during the parsing of SFD (Spline Font Database) files, allows a remote attacker to execute arbitrary code. Successful exploitation requires user interaction, such as opening a specially crafted malicious file or visiting a malicious web page. This can lead to complete control over the affected system.
STATEMENT: This vulnerability is rated Important for Red Hat because it allows remote code execution in FontForge through a use-after-free flaw when parsing specially crafted SFD files. Successful exploitation requires user interaction, such as opening a malicious file or visiting a malicious web page. This affects FontForge as shipped in Red Hat Enterprise Linux versions 6, 7, 8, 9, and 10, as well as Fedora and Red Hat In-Vehicle OS.
MITIGATION: To mitigate this issue, users should avoid opening untrusted SFD files or visiting malicious web pages. Exercise caution with content from unknown or suspicious sources to prevent exploitation of this vulnerability.
References
https://access.redhat.com/security/cve/CVE-2025-15269
