{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-15279", "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "state": "PUBLISHED", "assignerShortName": "zdi", "dateReserved": "2025-12-29T20:02:24.068Z", "datePublished": "2025-12-31T06:59:37.307Z", "dateUpdated": "2025-12-31T16:19:37.251Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "shortName": "zdi", "dateUpdated": "2025-12-31T06:59:37.307Z"}, "title": "FontForge GUtils BMP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "descriptions": [{"lang": "en", "value": "FontForge GUtils BMP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of pixels within BMP files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-27517."}], "affected": [{"vendor": "FontForge", "product": "FontForge", "versions": [{"version": "387146a241b36bcdf6ce229c5a3fe367ed3854a1", "status": "affected"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-122", "description": "CWE-122: Heap-based Buffer Overflow", "type": "CWE"}]}], "references": [{"url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1184/", "name": "ZDI-25-1184", "tags": ["x_research-advisory"]}], "dateAssigned": "2025-12-29T20:02:24.097Z", "datePublic": "2025-12-29T22:54:02.069Z", "source": {"lang": "en", "value": "volticks (@movx64 on twitter)"}, "metrics": [{"format": "CVSS", "cvssV3_0": {"version": "3.0", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "baseScore": 7.8, "baseSeverity": "HIGH"}}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-12-31T16:19:31.313184Z", "id": "CVE-2025-15279", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-31T16:19:37.251Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-15279", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-12-31T16:19:31.313184Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-31T16:19:34.488Z"}}], "cna": {"title": "FontForge GUtils BMP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "source": {"lang": "en", "value": "volticks (@movx64 on twitter)"}, "metrics": [{"format": "CVSS", "cvssV3_0": {"version": "3.0", "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}}], "affected": [{"vendor": "FontForge", "product": "FontForge", "versions": [{"status": "affected", "version": "387146a241b36bcdf6ce229c5a3fe367ed3854a1"}], "defaultStatus": "unknown"}], "datePublic": "2025-12-29T22:54:02.069Z", "references": [{"url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1184/", "name": "ZDI-25-1184", "tags": ["x_research-advisory"]}], "dateAssigned": "2025-12-29T20:02:24.097Z", "descriptions": [{"lang": "en", "value": "FontForge GUtils BMP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of pixels within BMP files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-27517."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-122", "description": "CWE-122: Heap-based Buffer Overflow"}]}], "providerMetadata": {"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "shortName": "zdi", "dateUpdated": "2025-12-31T06:59:37.307Z"}}}, "cveMetadata": {"cveId": "CVE-2025-15279", "state": "PUBLISHED", "dateUpdated": "2025-12-31T16:19:37.251Z", "dateReserved": "2025-12-29T20:02:24.068Z", "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "datePublished": "2025-12-31T06:59:37.307Z", "assignerShortName": "zdi"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:fontforge:fontforge:20251009:*:*:*:*:*:*:*", "matchCriteriaId": "1C318A12-82C3-4AD4-9BDF-A7B485A20A38", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "FontForge GUtils BMP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of pixels within BMP files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-27517."}], "id": "CVE-2025-15279", "lastModified": "2026-01-07T15:57:12.510", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "[email protected]", "type": "Secondary"}]}, "published": "2025-12-31T07:15:52.353", "references": [{"source": "[email protected]", "tags": ["Third Party Advisory"], "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1184/"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-122"}], "source": "[email protected]", "type": "Primary"}]}

{"bugzilla": {"description": "fontforge: FontForge: Remote Code Execution via heap-based buffer overflow in BMP file parsing", "id": "2426421", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2426421"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.8", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-122", "details": ["FontForge GUtils BMP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\nThe specific flaw exists within the parsing of pixels within BMP files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-27517.", "A flaw was found in FontForge. This heap-based buffer overflow vulnerability occurs during the parsing of pixels within BMP (Bitmap) files, due to insufficient validation of user-supplied data length. A remote attacker could exploit this by tricking a user into opening a malicious BMP file or visiting a malicious page. Successful exploitation could lead to arbitrary code execution in the context of the current user."], "mitigation": {"lang": "en:us", "value": "Users are advised to avoid opening untrusted or suspicious BMP files with FontForge to prevent exploitation. If FontForge is not a required application, consider removing the `fontforge` package to eliminate the attack surface. Removing this package may impact functionality that relies on FontForge."}, "name": "CVE-2025-15279", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "fontforge", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "fontforge", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Affected", "package_name": "fontforge", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "fontforge", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "fontforge", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-12-31T06:59:37Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-15279\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-15279\nhttps://www.zerodayinitiative.com/advisories/ZDI-25-1184/"], "statement": "This vulnerability is rated Important for Red Hat as it allows remote code execution via a heap-based buffer overflow in FontForge when parsing malicious BMP files. Exploitation requires user interaction, where a target must open a malicious BMP file or visit a malicious page. FontForge is available in Red Hat Enterprise Linux and Fedora distributions.", "threat_severity": "Important"}