Fedora 42 fontforge Critical Remote Execution Fix FEDORA-2026-9b8156c2a9
fedora
February 1, 2026
Resolves: CVE-2025-15279, CVE-2025-15275, CVE-2025-15269
Summary
FontForge (former PfaEdit) is a font editor for outline and bitmap
fonts. It supports a range of font formats, including PostScript
(ASCII and binary Type 1, some Type 3 and Type 0), TrueType, OpenType
(Type2) and CID-keyed fonts.
Update Information:
Resolves: CVE-2025-15279, CVE-2025-15275, CVE-2025-15269
Topics Covered
Change Log
* Thu Jan 22 2026 Parag Nemade
References
[ 1 ] Bug #2426577 - CVE-2025-15269 fontforge: FontForge SFD File Parsing Use-After-Free Remote Code Execution Vulnerability [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2426577
[ 2 ] Bug #2426589 - CVE-2025-15275 fontforge: FontForge SFD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2426589
[ 3 ] Bug #2426593 - CVE-2025-15279 fontforge: FontForge GUtils BMP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2426593
Update Instructions
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-9b8156c2a9' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Name: fontforge
Product: Fedora 42
Version: 20230101
Release: 18.fc42
Summary: Outline and bitmap font editor
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!