libfontforge.so is vulnerable to remote code execution (RCE) attacks through buffer overflow. A malicious user can pass a ttf
file to the readcffset
function in parsettf.c
to cause a buffer overflow that can crash the application or cause arbitrary code to be executed.