A high-severity vulnerability has been identified in multiple FontForge products, which could allow an attacker to take full control of an affected system. The flaw is triggered when a user opens a specially crafted font (SFD) file, leading to a heap-based buffer overflow that enables remote code execution. This could result in a complete system compromise, data theft, or the installation of malware.

This vulnerability is a heap-based buffer overflow that occurs within the file parsing component of FontForge when processing SFD (Spline Font Database) files. An attacker can craft a malicious SFD file with specific data that exceeds the allocated buffer size in the application's memory. When a victim opens this malicious file, the application attempts to write the oversized data, causing it to overflow the buffer and corrupt adjacent memory, which can be leveraged by the attacker to execute arbitrary code with the same permissions as the user running the software.

This vulnerability is rated as High severity with a CVSS score of 8.8, posing a significant risk to the organization. Successful exploitation could lead to a complete compromise of the affected workstation or server, allowing an attacker to steal sensitive data, install persistent malware such as ransomware or spyware, or use the compromised system as a foothold to move laterally within the network. The potential consequences include loss of intellectual property, operational disruption, financial loss, and reputational damage.

Immediate Action: Apply the security patches released by FontForge to all affected systems immediately, prioritizing any internet-facing systems or those used to process files from untrusted sources. Following patching, monitor for any signs of exploitation attempts by reviewing application and system access logs for anomalous activity.

Proactive Monitoring: Implement enhanced monitoring on systems running FontForge. Look for application crashes, unexpected process creation originating from the FontForge executable, or unusual outbound network traffic from affected endpoints. Endpoint Detection and Response (EDR) solutions should be configured to alert on suspicious behavior chains involving FontForge.

Compensating Controls: If immediate patching is not feasible, implement the following controls to reduce risk:

• User Awareness: Instruct users to avoid opening SFD files from untrusted or unknown sources, such as email attachments or web downloads.
• Sandboxing: Run FontForge in a restricted, sandboxed environment to contain any potential exploitation and limit its access to the underlying operating system.
• Principle of Least Privilege: Ensure the application is run by users with non-administrative privileges to limit the impact of a successful exploit.

Public Exploit Available: false

Given the high CVSS score of 8.8, this vulnerability requires immediate attention. We strongly recommend that organizations prioritize the deployment of the vendor-supplied patches to all vulnerable systems without delay. Although this CVE is not currently listed on the CISA KEV catalog, its critical nature warrants urgent remediation to prevent potential system compromise and data breaches. If patching is delayed, the compensating controls listed above should be implemented as an interim measure.