FontForge Memory Leak Vulnerability in utf7toutf8_copy Function

Vulnerability

A memory leak vulnerability has been identified in FontForge versions through 20230101. The issue arises in the utf7toutf8_copy function and can lead to a denial-of-service condition through unnecessary memory consumption.

Impact

Exploitation of this vulnerability causes a memory leak, which can lead to increased memory usage and potential denial-of-service conditions.

Reproduction

The vulnerability can be reproduced by compiling FontForge with leak sanitization enabled, using specific compiler flags. After compiling and installing the application, the memory leak can be triggered by running FontForge with a command that opens a specially crafted file, referred to here as 'poc_file'.

Remediation

Users can upgrade to the latest version of FontForge, where this vulnerability has been fixed.

Added: Oct 23, 2025, 4:17 PM
Updated: Oct 23, 2025, 5:23 PM

Vulnerability Rating

Custom Algorithm

spread: 5.4
impact: 2.5
exploitability: 6.0
remediation: 7.7
relevance: 0.8
threat: 6.4
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.