Explore top 10 tips to secure your open-source projects now. Read More
×
## This update for fontforge fixes the following issues: Update to version 20251009. Security issues fixed: * CVE-2025-15279: remote code execution via heap-based buffer overflow in BMP file parsing (bsc#1256013). * CVE-2025-15269: remote code execution via use-after-free in SFD file parsing (bsc#1256032). * CVE-2025-15275: arbitrary code execution via SFD file parsing buffer overflow (bsc#1256025). * CVE-2025-50949: memory leak in function DlgCreate8 (bsc#1252652). Other updates and bugfixes: * fix multiple crashes in Multiple Masters. * fix crash for content over 32767 characters in GDraw multiline text field. * fix crash on Up/Down * fix crash in Metrics View. * fix UFO crash for empty contours. * fix crash issue in allmarkglyphs. * Version update to 20251009: * Update documentation for py scripts (#5180)
* bsc#1252652
* bsc#1256013
* bsc#1256025
* bsc#1256032
* jsc#PED-14507
Cross-
* CVE-2025-15269
* CVE-2025-15275
* CVE-2025-15279
* CVE-2025-50949
CVSS scores:
* CVE-2025-15269 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-15269 ( NVD ): 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-15275 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-15275 ( NVD ): 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-15279 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-15279 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-50949 ( SUSE ): 4.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
Get the latest Linux and open source security news straight to your inbox.