CVE-2025-47749

Summary

V-SFT v6.2.5.0 and earlier contains an issue with free of pointer not at start of buffer in VS6EditData.dll!CWinFontInf::WinFontMsgCheck function. Opening specially crafted V7 or V8 files may lead to crash, information disclosure, and arbitrary code execution.

Affected Software

VendorProductVersion RangeStatus
FUJI ELECTRIC CO., LTD.V-SFTv6.2.5.0 and earlieraffected

Weaknesses

  • CWE-761: Free of pointer not at start of buffer

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References