Shodan
Vulnerabilities
Vulnerable Software
Fontforge:  >> Fontforge  >> 20161012  Security Vulnerabilities
CVE-2024-25081
Splinefont in FontForge through 20230101 allows command injection via crafted filenames.
CVSS Score
4.2
EPSS Score
0.001
Published
2024-02-26
CVE-2024-25082
Splinefont in FontForge through 20230101 allows command injection via crafted archives or compressed files.
CVSS Score
6.5
EPSS Score
0.009
Published
2024-02-26
CVE-2020-25690
An out-of-bounds write flaw was found in FontForge in versions before 20200314 while parsing SFD files containing certain LayerCount tokens. This flaw allows an attacker to manipulate the memory allocated on the heap, causing the application to crash or execute arbitrary code. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
CVSS Score
8.8
EPSS Score
0.008
Published
2021-02-23
CVE-2019-15785
FontForge 20190813 through 20190820 has a buffer overflow in PrefsUI_LoadPrefs in prefs.c.
CVSS Score
9.8
EPSS Score
0.006
Published
2019-08-29
CVE-2017-17521
uiutil.c in FontForge through 20170731 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, a different vulnerability than CVE-2017-17534.
CVSS Score
8.8
EPSS Score
0.005
Published
2017-12-14
CVE-2017-11568
FontForge 20161012 is vulnerable to a heap-based buffer over-read in PSCharStringToSplines (psread.c) resulting in DoS or code execution via a crafted otf file.
CVSS Score
7.8
EPSS Score
0.004
Published
2017-07-23
CVE-2017-11569
FontForge 20161012 is vulnerable to a heap-based buffer over-read in readttfcopyrights (parsettf.c) resulting in DoS or code execution via a crafted otf file.
CVSS Score
7.8
EPSS Score
0.007
Published
2017-07-23
CVE-2017-11570
FontForge 20161012 is vulnerable to a buffer over-read in umodenc (parsettf.c) resulting in DoS or code execution via a crafted otf file.
CVSS Score
7.8
EPSS Score
0.004
Published
2017-07-23
CVE-2017-11571
FontForge 20161012 is vulnerable to a stack-based buffer overflow in addnibble (parsettf.c) resulting in DoS or code execution via a crafted otf file.
CVSS Score
7.8
EPSS Score
0.007
Published
2017-07-23
CVE-2017-11572
FontForge 20161012 is vulnerable to a heap-based buffer over-read in readcfftopdicts (parsettf.c) resulting in DoS or code execution via a crafted otf file.
CVSS Score
7.8
EPSS Score
0.004
Published
2017-07-23


Products
Pricing
Contact Us

Shodan ® - All rights reserved