fontforge-20251009-4.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2026:10122-1 Final 1 1 2026-01-30T00:00:00Z current 2026-01-30T00:00:00Z 2026-01-30T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z fontforge-20251009-4.1 on GA media These are all security issues fixed in the fontforge-20251009-4.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2026-10122 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2025-15269/ SUSE CVE CVE-2025-15269 page https://www.suse.com/security/cve/CVE-2025-15275/ SUSE CVE CVE-2025-15275 page https://www.suse.com/security/cve/CVE-2025-15279/ SUSE CVE CVE-2025-15279 page openSUSE Tumbleweed fontforge-20251009-4.1 fontforge-devel-20251009-4.1 fontforge-doc-20251009-4.1 fontforge-20251009-4.1 as a component of openSUSE Tumbleweed fontforge-devel-20251009-4.1 as a component of openSUSE Tumbleweed fontforge-doc-20251009-4.1 as a component of openSUSE Tumbleweed FontForge SFD File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SFD files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-28564. CVE-2025-15269 openSUSE Tumbleweed:fontforge-20251009-4.1 openSUSE Tumbleweed:fontforge-devel-20251009-4.1 openSUSE Tumbleweed:fontforge-doc-20251009-4.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-15269.html CVE-2025-15269 https://bugzilla.suse.com/1256032 SUSE Bug 1256032 FontForge SFD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SFD files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-28543. CVE-2025-15275 openSUSE Tumbleweed:fontforge-20251009-4.1 openSUSE Tumbleweed:fontforge-devel-20251009-4.1 openSUSE Tumbleweed:fontforge-doc-20251009-4.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-15275.html CVE-2025-15275 https://bugzilla.suse.com/1256025 SUSE Bug 1256025 FontForge GUtils BMP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of pixels within BMP files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-27517. CVE-2025-15279 openSUSE Tumbleweed:fontforge-20251009-4.1 openSUSE Tumbleweed:fontforge-devel-20251009-4.1 openSUSE Tumbleweed:fontforge-doc-20251009-4.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-15279.html CVE-2025-15279 https://bugzilla.suse.com/1256013 SUSE Bug 1256013