Browse all 12 CVE security advisories affecting FontForge. AI-powered Chinese analysis, POCs, and references for each vulnerability.
FontForge is a primary open-source font editor for creating and modifying digital typefaces. Historically, it has been vulnerable to multiple remote code execution flaws due to buffer overflows in parsing font files, along with cross-site scripting vulnerabilities in web-based components and privilege escalation issues through insecure file handling. Notable security characteristics include its C/C++ codebase, which has been prone to memory corruption flaws, with 12 documented CVEs, including critical RCE vulnerabilities in recent years. The application's complex parsing of various font formats has consistently introduced security risks, making it a target for exploitation through maliciously crafted font files.
This page lists every published CVE security advisory associated with FontForge. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.