Описание
FontForge SFD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of SFD files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-28543.
A flaw was found in FontForge. A remote attacker could exploit a heap-based buffer overflow vulnerability during SFD file parsing. This issue arises from insufficient validation of user-supplied data length before copying it to a buffer. Successful exploitation requires user interaction, such as opening a malicious SFD file, and could lead to arbitrary code execution in the context of the current user.
Отчет
This vulnerability is rated Important for Red Hat products. It allows for arbitrary code execution in FontForge when a user opens a specially crafted SFD file. This affects FontForge on Fedora 42, 43, Red Hat Enterprise Linux 6 ELS, 7 ELS, 8, 9, 10, and Red Hat In-Vehicle OS 2.0.
Меры по смягчению последствий
Users should exercise caution and avoid opening untrusted SFD (Spline Font Database) files with FontForge. If FontForge is not essential for system operation, consider removing the fontforge package to eliminate the attack vector. This can be achieved using the system's package manager, for example, sudo dnf remove fontforge on Red Hat Enterprise Linux and Fedora systems. Removing this package may impact functionality that relies on font editing capabilities.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | fontforge | Out of support scope | ||
| Red Hat Enterprise Linux 7 | fontforge | Affected | ||
| Red Hat Enterprise Linux 8 | fontforge | Affected | ||
| Red Hat Enterprise Linux 10 | fontforge | Fixed | RHSA-2026:2230 | 09.02.2026 |
| Red Hat Enterprise Linux 10.0 Extended Update Support | fontforge | Fixed | RHSA-2026:2232 | 09.02.2026 |
| Red Hat Enterprise Linux 9 | fontforge | Fixed | RHSA-2026:2039 | 05.02.2026 |
| Red Hat Enterprise Linux 9.4 Extended Update Support | fontforge | Fixed | RHSA-2026:2566 | 11.02.2026 |
| Red Hat Enterprise Linux 9.6 Extended Update Support | fontforge | Fixed | RHSA-2026:2213 | 09.02.2026 |
Показывать по
Дополнительная информация
Статус:
EPSS
8.8 High
CVSS3
Связанные уязвимости
FontForge SFD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SFD files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-28543.
FontForge SFD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SFD files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-28543.
FontForge SFD File Parsing Heap-based Buffer Overflow Remote Code Exec ...
FontForge SFD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SFD files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-28543.
EPSS
8.8 High
CVSS3