Mageia Advisory: MGASA-2026-0034 - Updated fontforge packages fix security vulnerabilities

Updated fontforge packages fix security vulnerabilities

Publication date: 09 Feb 2026
Modification date: 09 Feb 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-15269 , CVE-2025-15270 , CVE-2025-15275 , CVE-2025-15279

Description

FontForge SFD File Parsing Use-After-Free Remote Code Execution
Vulnerability. (CVE-2025-15269)
FontForge SFD File Parsing Improper Validation of Array Index Remote
Code Execution Vulnerability. (CVE-2025-15270)
FontForge SFD File Parsing Heap-based Buffer Overflow Remote Code
Execution Vulnerability. (CVE-2025-15275)
FontForge GUtils BMP File Parsing Heap-based Buffer Overflow Remote Code
Execution Vulnerability. (CVE-2025-15279)

References

https://bugs.mageia.org/show_bug.cgi?id=35091
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NFM3OPUTYR55GA65K3XOPK3FXAH7EWEJ/
https://github.com/advisories/GHSA-hp8x-4h95-9799
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15269
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15270
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15275
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15279

SRPMS

9/core

fontforge-20220308-2.2.mga9

Advisories » MGASA-2026-0034

Updated fontforge packages fix security vulnerabilities

Description

References

SRPMS

9/core