827 matches found

Tenable Nessus
added 2026/05/26 12:0 a.m., 7 views

TencentOS Server 3: fontforge (TSSA-2026:0357)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0357 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

CVSS 8.8, AI score 7.6, EPSS 0.00295
Exploits: 0, References: 5

AstraLinux
added 2026/05/20 5:53 a.m., 4 views

Astra Linux - vulnerability in fontforge

Splinefont in FontForge, with a version number of 20230101, allows for command injection through crafted archives or compressed files...

CVSS 6.5, AI score 6.8, EPSS 0.01592
Exploits: 2, References: 2

AstraLinux
added 2026/05/03 11:59 p.m., 8 views

Astra Linux - vulnerability in fontforge

Splinefont in FontForge, with a version number of 20230101, allows for command injection via crafted filenames...

CVSS 4.2, AI score 6.8, EPSS 0.00039
Exploits: 1, References: 2

AstraLinux
added 2026/05/03 11:59 p.m., 2 views

Astra Linux - vulnerability in fontforge

FontForge 20190801 has a use-after-free in SFDGetFontMetaData in sfd.c...

CVSS 8.8, AI score 7, EPSS 0.00279
Exploits: 1, References: 1

AstraLinux
added 2026/05/03 11:59 p.m., 3 views

Astra Linux - vulnerability in fontforge

FontForge 20190801 has a heap-based buffer overflow in the Type2NotDefSplines function in splinesave.c...

CVSS 8.8, AI score 7.5, EPSS 0.00204
Exploits: 1, References: 1

Tenable Nessus
added 2026/05/02 12:0 a.m., 3 views

SUSE SLED15 / SLES15 Security Update : fontforge (SUSE-SU-2026:1636-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:1636-1 advisory. This update for fontforge fixes the following issue: - CVE-2025-15270: Remote Code Execution via malicious SFD file...

CVSS 8.8, AI score 5.9, EPSS 0.00113
Exploits: 0, References: 4

SUSE Linux
added 2026/04/27 4:55 p.m., 3 views

Security update for fontforge

This update for fontforge fixes the following issue: CVE-2025-15270: Remote code execution via malicious SFD file parsing bsc1256031. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run t...

CVSS 8.8, AI score 8.3, EPSS 0.00113
Exploits: 0, References: 4

OSV
added 2026/04/27 4:55 p.m., 1 view

SUSE-SU-2026:1636-1 Security update for fontforge

This update for fontforge fixes the following issue: - CVE-2025-15270: Remote code execution via malicious SFD file parsing bsc1256031...

CVSS 8.8, AI score 8.4, EPSS 0.00113
Exploits: 0, References: 3

Tenable Nessus
added 2026/04/24 12:0 a.m., 2 views

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: fontforge (UTSA-2026-014311)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-014311 advisory. FontForge SFD File Parsing Improper Validation of Array Index Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary co...

CVSS 8.8, AI score 7.7, EPSS 0.00113
Exploits: 0, References: 4

Tenable Nessus
added 2026/04/24 12:0 a.m., 2 views

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: fontforge (UTSA-2026-014308)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-014308 advisory. FontForge SFD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on...

CVSS 8.8, AI score 7.8, EPSS 0.00101
Exploits: 0, References: 4

Tenable Nessus
added 2026/04/24 12:0 a.m., 4 views

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: fontforge (UTSA-2026-014310)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-014310 advisory. FontForge SFD File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected...

CVSS 8.8, AI score 7.7, EPSS 0.00295
Exploits: 0, References: 4

Tenable Nessus
added 2026/04/24 12:0 a.m., 1 view

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: fontforge (UTSA-2026-014309)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-014309 advisory. FontForge GUtils BMP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary cod...

CVSS 7.8, AI score 7.6, EPSS 0.00047
Exploits: 0, References: 4

Tenable Nessus
added 2026/04/24 12:0 a.m., 3 views

openSUSE 16 Security Update : fontforge (openSUSE-SU-2026:20608-1)

The remote openSUSE 16 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2026:20608-1 advisory. - CVE-2025-15270: lack of proper validation of user-supplied data when parsing SFD files can lead to OOB writes and arbitrary code execution bsc1256031...

CVSS 8.8, AI score 6.5, EPSS 0.00113
Exploits: 0, References: 3

OSV
added 2026/04/22 11:9 a.m., 3 views

SUSE-SU-2026:21375-1 Security update for fontforge

This update for fontforge fixes the following issues: - CVE-2025-15270: lack of proper validation of user-supplied data when parsing SFD files can lead to OOB writes and arbitrary code execution bsc1256031...

CVSS 8.8, AI score 8.6, EPSS 0.00113
Exploits: 0, References: 3

OSV
added 2026/04/22 10:52 a.m., 3 views

OPENSUSE-SU-2026:20608-1 Security update for fontforge

This update for fontforge fixes the following issues: - CVE-2025-15270: lack of proper validation of user-supplied data when parsing SFD files can lead to OOB writes and arbitrary code execution bsc1256031...

CVSS 8.8, AI score 6.2, EPSS 0.00113
Exploits: 0, References: 2

OSV
added 2026/04/21 10:10 a.m., 5 views

RHSA-2026:8937 Red Hat Security Advisory: fontforge security update

Bulletin has no description...

CVSS 8.8, AI score 7.3, EPSS 0.00295
Exploits: 0, References: 18

OSV
added 2026/04/20 10:12 a.m., 3 views

RHSA-2026:8875 Red Hat Security Advisory: fontforge security update

Bulletin has no description...

CVSS 8.8, AI score 7.3, EPSS 0.00113
Exploits: 0, References: 8

RedHat Linux
added 2026/04/20 10:3 a.m., 4 views

fontforge: FontForge: Remote Code Execution via Use-After-Free in SFD file parsing

A flaw was found in FontForge. This use-after-free vulnerability, occurring during the parsing of SFD Spline Font Database files, allows a remote attacker to execute arbitrary code. Successful exploitation requires user interaction, such as opening a specially crafted malicious file or visiting a...

CVSS 8.8, AI score 7.7, EPSS 0.00295
Exploits: 0, References: 5

RedHat Linux
added 2026/04/20 10:3 a.m., 3 views

Important: Red Hat Security Advisory: fontforge security update

An update for fontforge is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...

CVSS 8.8, AI score 7.9, EPSS 0.00295
Exploits: 0, References: 4

RedHat Linux
added 2026/04/20 10:3 a.m., 2 views

fontforge: FontForge: Remote Code Execution via heap-based buffer overflow in BMP file parsing

A flaw was found in FontForge. This heap-based buffer overflow vulnerability occurs during the parsing of pixels within BMP Bitmap files, due to insufficient validation of user-supplied data length. A remote attacker could exploit this by tricking a user into opening a malicious BMP file or...

CVSS 7.8, AI score 8, EPSS 0.00047
Exploits: 0, References: 5