It was discovered that fontforge, a font editor, is prone to shell command injection vulnerabilities when processing specially crafted files.