{"id":"CVE-2024-25081","details":"Splinefont in FontForge through 20230101 allows command injection via crafted filenames.","modified":"2026-04-09T10:00:33.577712Z","published":"2024-02-26T16:27:58.710Z","related":["ALSA-2024:4267","ALSA-2024:9439","CGA-qfhx-mrjc-9993","MGASA-2024-0082","SUSE-SU-2024:0863-1","SUSE-SU-2024:0864-1","openSUSE-SU-2024:13755-1"],"references":[{"type":"WEB","url":"https://fontforge.org/en-US/downloads/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCH22HIO2C6M4BZWF5EYIWVFBXL5BQAH/"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2024/03/08/2"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2024/03/msg00007.html"},{"type":"REPORT","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GCH22HIO2C6M4BZWF5EYIWVFBXL5BQAH/"},{"type":"FIX","url":"https://github.com/fontforge/fontforge/pull/5367"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/fontforge/fontforge","events":[{"introduced":"0"},{"last_affected":"a1dad3e81da03d5d5f3c4c1c1b9b5ca5ebcfcecf"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"20230101"}]}}],"versions":["2.0.20140101","20141013","20141014","20141126","20141230","20150228","20150330","20150430","20150612","20150824","20160403","20160404","20160930","20161001","20161004","20161005","20161012","20170730","20170731","20190317","20190413","20190801","20200314","20201107","20220308","20230101","v2.1.0","v20110222","v20120731-b"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"10.0"}]},{"events":[{"introduced":"0"},{"last_affected":"40"}]}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-25081.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L"}]}