[ALSA-2026:7677] Important: fontforge security update
Type:
security
Severity:
important
Release date:
2026-04-15
Description:
FontForge is a font editor for outline and bitmap fonts. It supports a range of font formats, including PostScript (ASCII and binary Type 1, some Type 3 and Type 0), TrueType, OpenType (Type2) and CID-keyed fonts.

Security Fix(es):

* fontforge: FontForge: Remote Code Execution via heap-based buffer overflow in BMP file parsing (CVE-2025-15279)
* fontforge: FontForge: Remote Code Execution via Use-After-Free in SFD file parsing (CVE-2025-15269)
* fontforge: FontForge: Arbitrary code execution via SFD file parsing buffer overflow (CVE-2025-15275)
* fontforge: FontForge: Remote Code Execution via malicious SFD file parsing (CVE-2025-15270)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Updated packages listed below:
Architecture Package Checksum
aarch64 fontforge-20200314-7.el8_10.aarch64.rpm 52f1cd344e7a775a9dd5029f7ac90a594789a4c4cfad962789cdaf15b67ff9d1
i686 fontforge-20200314-7.el8_10.i686.rpm 8afa7a1f3c86c4428017c09ffce6727da7b2a04bf20b84270d26f0fa39858df7
ppc64le fontforge-20200314-7.el8_10.ppc64le.rpm 232d60b9c3678094bbb67d6d43e8444cad73971147a66ebb442612f966d9d444
s390x fontforge-20200314-7.el8_10.s390x.rpm 135e7ea09c0eacabb3a2ce7abd963490058c4086095264c9ef844aa0d571e515
x86_64 fontforge-20200314-7.el8_10.x86_64.rpm 9c37373cbbab181472c353acf7304b69a314c82b741cd26f143edc49088d0bf0
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.