Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 510
Alerts This Week
Warning Icon 1 510

SUSE 2026-20435-1 fontforge Significant RCE and Buffer Overflow Resolution

suse
Calendar Grey February 18, 2026
Dist Suse Esm H88
SUSE updates fontforge to fix important issues, addressing critical vulnerabilities and enhancing stability.
An update that solves four vulnerabilities and contains one feature can now be installed.

Summary

## This update for fontforge fixes the following issues: Update to version 20251009. Security issues fixed: * CVE-2025-15279: remote code execution via heap-based buffer overflow in BMP file parsing (bsc#1256013). * CVE-2025-15269: remote code execution via use-after-free in SFD file parsing (bsc#1256032). * CVE-2025-15275: arbitrary code execution via SFD file parsing buffer overflow (bsc#1256025). * CVE-2025-50949: memory leak in function DlgCreate8 (bsc#1252652). Other updates and bugfixes: * fix multiple crashes in Multiple Masters. * fix crash for content over 32767 characters in GDraw multiline text field. * fix crash on Up/Down * fix crash in Metrics View. * fix UFO crash for empty contours. * fix crash issue in allmarkglyphs. * Version update to 20251009: * Update documentation for py scripts (#5180)

References

* bsc#1252652

* bsc#1256013

* bsc#1256025

* bsc#1256032

* jsc#PED-14507

Cross-

* CVE-2025-15269

* CVE-2025-15275

* CVE-2025-15279

* CVE-2025-50949

CVSS scores:

* CVE-2025-15269 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

* CVE-2025-15269 ( NVD ): 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

* CVE-2025-15275 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

* CVE-2025-15275 ( NVD ): 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

* CVE-2025-15279 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

* CVE-2025-15279 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

* CVE-2025-50949 ( SUSE ): 4.8

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2026:20435-1
Release Date: 2026-02-14T21:30:01Z
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.