185 matches found

Tenable Nessus
added 2026/05/26 12:0 a.m. | 9 views

TencentOS Server 3: fontforge (TSSA-2026:0357)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0357 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

CVSS 8.8 | AI score 7.6 | EPSS 0.00581
Exploits 0 | References 5

Tenable Nessus
added 2026/05/02 12:0 a.m. | 4 views

SUSE SLED15 / SLES15 Security Update : fontforge (SUSE-SU-2026:1636-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:1636-1 advisory. This update for fontforge fixes the following issue: - CVE-2025-15270: Remote Code Execution via malicious SFD file...

CVSS 8.8 | AI score 5.9 | EPSS 0.00581
Exploits 0 | References 4

SUSE Linux
added 2026/04/27 4:55 p.m. | 3 views

Security update for fontforge

This update for fontforge fixes the following issue: CVE-2025-15270: Remote code execution via malicious SFD file parsing bsc1256031. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run t...

CVSS 8.8 | AI score 8.3 | EPSS 0.00581
Exploits 0 | References 4

Tenable Nessus
added 2026/04/24 12:0 a.m. | 4 views

openSUSE 16 Security Update : fontforge (openSUSE-SU-2026:20608-1)

The remote openSUSE 16 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2026:20608-1 advisory. - CVE-2025-15270: lack of proper validation of user-supplied data when parsing SFD files can lead to OOB writes and arbitrary code execution bsc1256031...

CVSS 8.8 | AI score 6.5 | EPSS 0.00581
Exploits 0 | References 3

Tenable Nessus
added 2026/04/24 12:0 a.m. | 4 views

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: fontforge (UTSA-2026-014311)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-014311 advisory. FontForge SFD File Parsing Improper Validation of Array Index Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary co...

CVSS 8.8 | AI score 7.7 | EPSS 0.00581
Exploits 0 | References 4

Tenable Nessus
added 2026/04/24 12:0 a.m. | 3 views

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: fontforge (UTSA-2026-014308)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-014308 advisory. FontForge SFD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on...

CVSS 8.8 | AI score 7.8 | EPSS 0.0058
Exploits 0 | References 4

Tenable Nessus
added 2026/04/24 12:0 a.m. | 5 views

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: fontforge (UTSA-2026-014310)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-014310 advisory. FontForge SFD File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected...

CVSS 8.8 | AI score 7.7 | EPSS 0.00474
Exploits 0 | References 4

OSV
added 2026/04/22 10:52 a.m. | 5 views

OPENSUSE-SU-2026:20608-1 Security update for fontforge

This update for fontforge fixes the following issues: - CVE-2025-15270: lack of proper validation of user-supplied data when parsing SFD files can lead to OOB writes and arbitrary code execution bsc1256031...

CVSS 8.8 | AI score 6.2 | EPSS 0.00581
Exploits 0 | References 2

RedHat Linux
added 2026/04/20 10:3 a.m. | 3 views

Important: Red Hat Security Advisory: fontforge security update

An update for fontforge is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...

CVSS 8.8 | AI score 7.9 | EPSS 0.0058
Exploits 0 | References 4

RedHat Linux
added 2026/04/20 2:12 a.m. | 2 views

fontforge: FontForge: Remote Code Execution via malicious SFD file parsing

A flaw was found in FontForge. This vulnerability allows a remote attacker to execute arbitrary code by tricking a user into opening a specially crafted SFD Spline Font Database file. The issue stems from improper validation of array indexes during SFD file parsing, which can lead to writing data...

CVSS 8.8 | AI score 8.1 | EPSS 0.00581
Exploits 0 | References 5

Tenable Nessus
added 2026/04/20 12:0 a.m. | 2 views

RHEL 10 : fontforge (RHSA-2026:8875)

The remote Redhat Enterprise Linux 10 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:8875 advisory. FontForge is a font editor for outline and bitmap fonts. It supports a range of font formats, including PostScript ASCII and binary Type 1, some Typ...

CVSS 8.8 | AI score 7.5 | EPSS 0.00581
Exploits 0 | References 4

Tenable Nessus
added 2026/04/16 12:0 a.m. | 3 views

AlmaLinux 8 : fontforge (ALSA-2026:7677)

The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2026:7677 advisory. fontforge: FontForge: Remote Code Execution via heap-based buffer overflow in BMP file parsing CVE-2025-15279 fontforge: FontForge: Remote Code Execution...

CVSS 8.8 | AI score 6.7 | EPSS 0.00581
Exploits 0 | References 6

Rockylinux
added 2026/04/14 12:1 p.m. | 5 views

fontforge security update

An update is available for fontforge. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list FontForge is a font editor for outline and bitmap fonts. It supports a rang...

CVSS 8.8 | AI score 8 | EPSS 0.00581
Exploits 0

OSV
added 2026/04/14 12:1 p.m. | 2 views

RLSA-2026:7677 Important: fontforge security update

FontForge is a font editor for outline and bitmap fonts. It supports a range of font formats, including PostScript ASCII and binary Type 1, some Type 3 and Type 0, TrueType, OpenType Type2 and CID-keyed fonts. Security Fixes: fontforge: FontForge: Remote Code Execution via heap-based buffer...

CVSS 8.8 | AI score 7.9 | EPSS 0.00581
Exploits 0 | References 5

Oracle linux
added 2026/04/14 12:0 a.m. | 7 views

fontforge security update

20200314-7 - Resolves: RHEL-138168 CVE-2025-15270 SFD File Parsing Remote Code Execution Vulnerability - Resolves: RHEL-138174 CVE-2025-15279 GUtils BMP File Parsing Heap-based Buffer Overflow - Resolves: RHEL-138190 CVE-2025-15275 SFD File Parsing Heap-based Buffer Overflow - Resolves: RHEL-1381...

CVSS 8.8 | AI score 7.2 | EPSS 0.0187
Exploits 2

Tenable Nessus
added 2026/04/14 12:0 a.m. | 5 views

RockyLinux 8 : fontforge (RLSA-2026:7677)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:7677 advisory. fontforge: FontForge: Remote Code Execution via heap-based buffer overflow in BMP file parsing CVE-2025-15279 fontforge: FontForge: Remote Code Execution...

CVSS 8.8 | AI score 8.1 | EPSS 0.00581
Exploits 0 | References 9

RedHat Linux
added 2026/04/13 2:27 a.m. | 2 views

Important: Red Hat Security Advisory: fontforge security update

An update for fontforge is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

CVSS 8.8 | AI score 6.6 | EPSS 0.00581
Exploits 0 | References 5

RedHat Linux
added 2026/04/13 2:27 a.m. | 1 views

fontforge: FontForge: Arbitrary code execution via SFD file parsing buffer overflow

A flaw was found in FontForge. A remote attacker could exploit a heap-based buffer overflow vulnerability during SFD file parsing. This issue arises from insufficient validation of user-supplied data length before copying it to a buffer. Successful exploitation requires user interaction, such as...

CVSS 8.8 | AI score 6.6 | EPSS 0.0058
Exploits 0 | References 5

OSV
added 2026/04/13 12:0 a.m. | 4 views

ALSA-2026:7677 Important: fontforge security update

FontForge is a font editor for outline and bitmap fonts. It supports a range of font formats, including PostScript ASCII and binary Type 1, some Type 3 and Type 0, TrueType, OpenType Type2 and CID-keyed fonts. Security Fixes: fontforge: FontForge: Remote Code Execution via heap-based buffer...

CVSS 8.8 | AI score 6.5 | EPSS 0.00581
Exploits 0 | References 10

AlmaLinux
added 2026/04/13 12:0 a.m. | 3 views

Important: fontforge security update

FontForge is a font editor for outline and bitmap fonts. It supports a range of font formats, including PostScript ASCII and binary Type 1, some Type 3 and Type 0, TrueType, OpenType Type2 and CID-keyed fonts. Security Fixes: fontforge: FontForge: Remote Code Execution via heap-based buffer...

CVSS 8.8 | AI score 7.9 | EPSS 0.00581
Exploits 0 | References 10