[ALSA-2026:2039] Important: fontforge security update
Type: security
Severity: important
Release date: 2026-02-06
Description:
FontForge is a font editor for outline and bitmap fonts. It supports a range of font formats, including PostScript (ASCII and binary Type 1, some Type 3 and Type 0), TrueType, OpenType (Type2) and CID-keyed fonts.

Security Fix(es):

* fontforge: FontForge: Remote Code Execution via heap-based buffer overflow in BMP file parsing (CVE-2025-15279)
* fontforge: FontForge: Remote Code Execution via Use-After-Free in SFD file parsing (CVE-2025-15269)
* fontforge: FontForge: Arbitrary code execution via SFD file parsing buffer overflow (CVE-2025-15275)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Updated packages listed below:
| Architecture | Package | Checksum |
|---|---|---|
| aarch64 | fontforge-20201107-7.el9_7.aarch64.rpm | a4dcc8c46b505bff777ba982999c0889904224bff34d7f8824f1dc1a5eee1b1d |
| i686 | fontforge-20201107-7.el9_7.i686.rpm | c1f3fd59015f233656f63bd6bf43515adcb1fb56dc579e67cc671bb3ab09f8af |
| ppc64le | fontforge-20201107-7.el9_7.ppc64le.rpm | 25f1238be5e5a4859904df2ec45b3695110da38092b08e53d9220f0f4bd59f2a |
| s390x | fontforge-20201107-7.el9_7.s390x.rpm | acf6b292ddf457351a598b2540ba7136db808efafa92c6747fb30f036755326a |
| x86_64 | fontforge-20201107-7.el9_7.x86_64.rpm | 5011d874eb13f44496980d79ae0b8cd9bfa004db13120c468575164c2a263041 |
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.