[ALSA-2026:2230] Important: fontforge security update
Type:
security
Severity:
important
Release date:
2026-02-10
Description:
FontForge is a font editor for outline and bitmap fonts. It supports a range of font formats, including PostScript (ASCII and binary Type 1, some Type 3 and Type 0), TrueType, OpenType (Type2) and CID-keyed fonts.
Security Fix(es):
* fontforge: FontForge: Remote Code Execution via heap-based buffer overflow in BMP file parsing (CVE-2025-15279)
* fontforge: FontForge: Remote Code Execution via Use-After-Free in SFD file parsing (CVE-2025-15269)
* fontforge: FontForge: Arbitrary code execution via SFD file parsing buffer overflow (CVE-2025-15275)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Updated packages listed below:
Architecture Package Checksum
aarch64 fontforge-20230101-14.el10_1.aarch64.rpm 4b9724b325e4b37a8fb7c7b5c29f3b681104296f97b6b78ab976c1a894cc1044
ppc64le fontforge-20230101-14.el10_1.ppc64le.rpm 2ed1233963ba031982f395b7df187508ed46bcf3b80514c9faa273613a994606
s390x fontforge-20230101-14.el10_1.s390x.rpm ea393157653dabbc864aa02ea7a1764634bd1a5874c1dc816c64000ee0274bfa
x86_64 fontforge-20230101-14.el10_1.x86_64.rpm 116dea6881618a0d8facfd77453e89eb5d262474f24ee13f80946593dcbe50fa
x86_64_v2 fontforge-20230101-14.el10_1.x86_64_v2.rpm b3eb51b332e6a1e021dba76107ec1cc9c46b410ca2334ca609555ee62f223b2f
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.