CVE-2025-15274

8.8 HIGH

📋 TL;DR

A heap-based buffer overflow vulnerability in FontForge's SFD file parser allows remote attackers to execute arbitrary code when users open malicious files or visit malicious pages. This affects all FontForge installations that process SFD files, potentially compromising user systems.

💻 Affected Systems

Products:
  • FontForge
Versions: All versions prior to patch
Operating Systems: Linux, Windows, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: Any system with FontForge installed that processes SFD files is vulnerable. The vulnerability requires user interaction to trigger.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise: the attacker gains full control of the user's account and can potentially escalate privileges to compromise the entire system.

🟠 Likely Case

The attacker executes code with the current user's privileges, leading to data theft, ransomware deployment, or lateral movement within the network.

🟢 If Mitigated

Limited impact if the user runs with minimal privileges, but data exfiltration from the user's context remains possible.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires user interaction (opening malicious file). The vulnerability is in a widely used font tool, making it attractive for targeted attacks.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check FontForge official releases for specific version

Vendor Advisory: https://github.com/fontforge/fontforge/security/advisories

Restart Required: Yes

Instructions:

1. Check current FontForge version
2. Visit FontForge GitHub releases page
3. Download and install latest version
4. Restart system or application

🔧 Temporary Workarounds

Disable SFD file association
Platforms: all

Prevent automatic opening of SFD files with FontForge:
  • On Linux: update the MIME-type associations
  • On Windows: modify the file associations in the registry
  • On macOS: change the default application for .sfd files

User awareness training
Platforms: all

Educate users not to open SFD files from untrusted sources

🧯 If You Can't Patch

  • Implement application whitelisting to block FontForge execution
  • Use network segmentation to isolate systems running FontForge

🔍 How to Verify

Check if Vulnerable:

Check whether FontForge is installed and whether its version is still unpatched

Check Version:

fontforge --version

Verify Fix Applied:

Verify FontForge version matches or exceeds patched version
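As an added example (not part of this advisory or of the FontForge project), a POSIX shell helper that automates the version check above: it extracts the date-style build number (YYYYMMDD) that FontForge prints in its version banner and compares it against a minimum patched build. The fixed version is not stated on this page, so PATCHED_MIN is a placeholder to be replaced with the value from the vendor advisory.

```shell
#!/bin/sh
# Added example, not part of the advisory. PATCHED_MIN is a PLACEHOLDER:
# take the real fixed build number (YYYYMMDD) from the vendor advisory.
PATCHED_MIN="${PATCHED_MIN:-99999999}"

# Pull the first 8-digit date-style build number out of a version banner
# such as "fontforge 20230101". Prints nothing if no such token exists.
extract_ff_version() {
    printf '%s\n' "$1" | grep -oE '[0-9]{8}' | head -n 1
}

# Exit status: 0 = installed build >= minimum, 1 = below minimum (vulnerable),
# 2 = build number could not be parsed (treat as vulnerable, check by hand).
ff_version_ok() {
    installed=$(extract_ff_version "$1")
    [ -n "$installed" ] || return 2
    [ "$installed" -ge "$2" ] && return 0
    return 1
}

# Live check of the local machine: prints a verdict and returns 0 when no
# vulnerable FontForge build is present, 1 otherwise.
check_installed_fontforge() {
    if ! command -v fontforge >/dev/null 2>&1; then
        echo "fontforge: not installed, not affected"
        return 0
    fi
    banner=$(fontforge --version 2>&1)
    if ff_version_ok "$banner" "$PATCHED_MIN"; then
        echo "fontforge $(extract_ff_version "$banner"): at or above $PATCHED_MIN, patched"
        return 0
    fi
    echo "fontforge: build not at or above $PATCHED_MIN, treat as vulnerable"
    echo "  banner: $banner"
    return 1
}

# Set FF_CHECK_NO_RUN=1 to only define the helpers (e.g. when sourcing this file).
[ "${FF_CHECK_NO_RUN:-}" = "1" ] || check_installed_fontforge
```

Run it as PATCHED_MIN=<fixed build> sh check_fontforge.sh once the fixed build number is known; a non-zero exit status means the host still needs the update.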

📡 Detection & Monitoring

Log Indicators:

  • FontForge crash logs
  • Unexpected process creation from FontForge
  • Memory access violations in system logs

Network Indicators:

  • Outbound connections from FontForge process to suspicious IPs
  • DNS requests for command and control domains

SIEM Query:

(Process:fontforge AND (EventID:1000 OR EventID:1001)) OR (Process:fontforge AND Network:Outbound)

The clauses are grouped explicitly so the OR does not bind unexpectedly in your SIEM's query language; Event IDs 1000 and 1001 are the Windows Application Error and Windows Error Reporting events, so on Linux and macOS substitute the equivalent crash-reporter or core-dump log sources.
