CVE-2025-50951

Publication date 23 October 2025

Last updated 5 January 2026

Ubuntu priority

Low

Why this priority?

Cvss 3 Severity Score

6.5 · Medium

Score breakdown

Description

FontForge v20230101 was discovered to contain a memory leak via the utf7toutf8_copy function at /fontforge/sfd.c.

Why is this CVE low priority?

Small memory leak issue

Learn more about Ubuntu priority

Status

Package Ubuntu Release Status
fontforge 26.04 LTS resolute
Vulnerable
25.10 questing
Vulnerable
25.04 plucky Ignored end of life, was needed
24.04 LTS noble
Vulnerable
22.04 LTS jammy
Vulnerable
20.04 LTS focal
Vulnerable
18.04 LTS bionic
Vulnerable
16.04 LTS xenial Ignored end of ESM support, was needed

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package Patch details
fontforge

Severity score breakdown

CVSS version: CVSS v3.0

Base score 6.5 · Medium

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References

Other references

Access our resources on patching vulnerabilities