FontForge 20190801 has a heap-based buffer overflow in the Type2NotDefSplines() function in splinesave.c.
fontforge fontforge 20190801
opensuse leap 15.1