Key Information

CVE ID: CVE-2025-15270
CVSS Score: 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
Affected Vendors: FontForge
Affected Products: FontForge
Vulnerability Type: Remote Code Execution

Vulnerability Details:
- Description: Improper validation of an array index in SFD file parsing allows remote attackers to execute arbitrary code.
- Attack Vector: User interaction is required; the target must visit a malicious page or open a malicious file.
- Specific Issue: Lack of proper validation of user-supplied data can result in a write past the end of an allocated array.

Disclosure Timeline:
- 2025-12-12: Vulnerability reported to vendor
- 2025-12-29: Coordinated public release of advisory

Credit: Anonymous

Mitigation: Restrict interaction with the product.