SUSE-SU-2026:20435-1: important: Security update for fontforge
SLE-SECURITY-UPDATES
null at suse.de
Wed Feb 18 16:30:32 UTC 2026
# Security update for fontforge
Announcement ID: SUSE-SU-2026:20435-1
Release Date: 2026-02-14T21:30:01Z
Rating: important
References:
* bsc#1252652
* bsc#1256013
* bsc#1256025
* bsc#1256032
* jsc#PED-14507
Cross-References:
* CVE-2025-15269
* CVE-2025-15275
* CVE-2025-15279
* CVE-2025-50949
CVSS scores:
* CVE-2025-15269 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-15269 ( NVD ): 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-15275 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-15275 ( NVD ): 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-15279 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-15279 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-50949 ( SUSE ): 4.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-50949 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2025-50949 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Affected Products:
* SUSE Linux Enterprise Server 16.0
* SUSE Linux Enterprise Server for SAP Applications 16.0
An update that solves four vulnerabilities and contains one feature can now be
installed.
## Description:
This update for fontforge fixes the following issues:
Update to version 20251009.
Security issues fixed:
* CVE-2025-15279: remote code execution via heap-based buffer overflow in BMP
file parsing (bsc#1256013).
* CVE-2025-15269: remote code execution via use-after-free in SFD file parsing
(bsc#1256032).
* CVE-2025-15275: arbitrary code execution via SFD file parsing buffer
overflow (bsc#1256025).
* CVE-2025-50949: memory leak in function DlgCreate8 (bsc#1252652).
Other updates and bugfixes:
* fix multiple crashes in Multiple Masters.
* fix crash for content over 32767 characters in GDraw multiline text field.
* fix crash on Up/Down
* fix crash in Metrics View.
* fix UFO crash for empty contours.
* fix crash issue in allmarkglyphs.
* Version update to 20251009:
* Update documentation for py scripts (#5180)
* Update GitHub CI runners (#5328)
* Update po files from Crowdin sources. (#5330)
* Use consistent Python in MacOS GitHub runner (#5331)
* Fix CI for Windows GitHub runner (#5335)
* Fix lookup flags parsing (#5338)
* Fixes (#5332): glyph file names uXXXXX (#5333)
* make harmonization robust and avoid zero handles after harmonization (#5262)
* Quiet strict prototypes warnings. (#5313)
* Fix crash in parsegvar() due to insufficient buffer (#5339)
* Handle failed iconv conversion. Unhandled execution path was UB, causing a
segfault for me (#5329)
* Fix CMake function _get_git_version() (#5342)
* Don't require individual tuple encapsulation in fontforge.font.bitmapSizes
setter (#5138)
* nltransform of anchor points (#5345)
* Fix generateFontPostHook being called instead of generateFontPreHook (#5226)
* Always set usDefaultChar to 0 (.notdef) (#5242)
* add font attributes, method to Python docs (#5353)
* fix segfault triggered by Python del c[i:j] (#5352)
* Autoselect internal WOFF2 format (#5346)
* Fix typos in the FAQ (#5355)
* add font.style_set_names attribute to Python API (#5354)
* Bulk tester (#5365)
* Fix Splinefont shell invocation (#5367)
* Fix the lists of Windows language IDs (#5359)
* Support supplementary planes in SFD (emojis etc.) (#5364)
* Remove psaltnames for multi-code-point names (#5305)
* doc: added missing sudo to installation instructions (#5300)
* Fix data corruption on SFD reading (#5380)
* Compare vertical metrics check when generating TTC (#5372)
* Treat FT_PIXEL_MODE_MONO as 2 grey levels (#5379)
* Don't attempt to copy anchors into NULL font (#5405)
* Fix export of supplementary plane characters in font name to TTF (#5396)
* Defer crowdin update to the end of the pipeline (#5409)
* Fix generated feature file bugs (#5384)
* crowdin: update to java 17 (#5447)
* Remove assert from Python script processor (#5410)
* Use sysconfig for Python module locations (#5423)
* Use PyConfig API on Python 3.8 (#5404)
* Fix resource leak in unParseTTInstrs (#5476)
* Only install GUI-specific files if ENABLE_GUI is set (#5451)
* add math device tables to Python API (#5348)
* Update CI runner to macOS 13 (#5482)
* Allow hyphen and special characters in Feature File glyph names (#5358)
* Fix Python font.appendSFNTName() function (#5494)
* Update mm.c (#5386)
* Warning rollup (probably some hidden bugs!) from clang trunk (#5492)
* Fix function PyFFFont_addSmallCaps. (#5519)
* Make SmallCaps() create symbols (#5517)
* Segfault fix and complete implementation of "Don't generate FFTM tables"
(#5509)
* Modernize fixed pitch flag computation (#5506)
* fix memleak in function utf7toutf8_copy (#5495)
* Avoid crashes in Python scripts when objects are accessed in invalid state
(#5483)
* Fix CI for Ubuntu 24 (#5531)
* Bump GitHub CI runner to Ubuntu 22 (#5551)
* Fix memory corruption in SFUnicodeRanges() (#5537)
* Add contour draw option to H.Metrics. (#5496)
* Fix scaling of references in CharView (#5558)
* Fix TTF validation on load for fixed pitch fonts (#5562)
* Performance fixes for GSUB/GPOS dumps (#5547)
* Simple GTK-based dialog with CSS appearance support (#5546)
* Support Harfbuzz in Metrics View (#5522)
* Update po files from crowdin translations (#5575)
* Be more clever about label text in gtextfield (#5583)
* Add minimal support for GDEF version 1.3 (#5584)
* Sanitize messages from python (#5589)
* Fix a crash caused by deleting a glyph with vertical kerning pairs. (#5592)
* THEME -> GUI_THEME (#5596)
* Update po translations from Crowdin (#5593)
* Upgrade to Unicode 16.0.0 (#5594)
* Fix Linux AppImage (#5599)
* Upgrade to Unicode 17.0.0 and extend the language and script lists (#5618)
* Remove X11 and non-Cairo drawing backends (#5612)
* Add macOS dependency setup script (#5563)
* Fix hotkeys in BitmapView (#5626)
* Manually install Inno Setup 6 (#5621)
* Remove cv->back_img_out_of_date and cv->backimgs (#5625)
* fix spelling "bt" -> "but" (#5636)
* Fix typos in Python module docs (#5634)
* Version update to 20230101+git59.770356c9b:
* Add contour draw option to H.Metrics. (#5496)
* Fix memory corruption in SFUnicodeRanges() (#5537)
* Bump GitHub CI runner to Ubuntu 22 (#5551)
* Fix CI for Ubuntu 24 (#5531)
* Avoid crashes in Python scripts when objects are accessed in invalid state
(#5483)
* fix memleak in function utf7toutf8_copy (#5495)
* Modernize fixed pitch flag computation (#5506)
* Segfault fix and complete implementation of "Don't generate FFTM tables"
(#5509)
* Make SmallCaps() translate symbols, too. Update documentation accordingly.
(#5517)
* Fix function PyFFFont_addSmallCaps. (#5519)
* Warning rollup (probably some hidden bugs!) from clang trunk (#5492)
* Update mm.c (#5386)
* fix memleak in function DlgCreate8 (#5491)
* Fix Python font.appendSFNTName() function (#5494)
* Allow hyphen and special characters in Feature File glyph names (#5358)
* Update CI runner to macOS 13 (#5482)
* add math device tables to Python API (#5348)
* Only install GUI-specific files if ENABLE_GUI is set (#5451)
* Fix resource leak in unParseTTInstrs (#5476)
* Use PyConfig API on Python 3.8 (#5404)
* Use sysconfig for Python module locations (#5423)
* More crowdin fix
* Python script shall trigger no asserts (#5410)
* crowdin: update to java 17 (#5447)
* try fix crowdin
* Fix generated feature file bugs (#5384)
* Defer crowdin update to the end of the pipeline (#5409)
* Fix export of supplementary plane characters in font name to TTF (#5396)
* Don't attempt to copy anchors into NULL font (#5405)
* Treat FT_PIXEL_MODE_MONO as 2 grey levels (#5379)
* Compare vertical metrics check when generating TTC (#5372)
* Fix data corruption on SFD reading (#5380)
* doc: added missing sudo to installation instructions (#5300)
* Remove `psaltnames` for multi-code-point names (#5305)
* Support supplementary planes in SFD (emojis etc.) (#5364)
* Fix the lists of Windows language IDs (#5359)
* fix splinefont shell command injection (#5367)
* Bulk tester (#5365)
* add `font.style_set_names` attribute to Python API (#5354)
* Fix typos in the FAQ (#5355)
* Autoselect internal WOFF2 format (#5346)
* fix segfault triggered by Python `del c[i:j]` (#5352)
* add `font` attributes, method to Python docs (#5353)
* Always set `usDefaultChar` to 0 (.notdef) (#5242)
* Fix generateFontPostHook being called instead of generateFontPreHook (#5226)
* nltransform of anchor points (#5345)
* Don't require individual tuple encapsulation in fontforge.font.bitmapSizes
setter (#5138)
* Fix CMake function _get_git_version() (#5342)
* Handle failed iconv conversion. Unhandled execution path was UB, causing a
segfault for me (#5329)
* Fix crash in parsegvar() due to insufficient buffer (#5339)
* Quiet strict prototypes warnings. (#5313)
* harmonizing can now no longer produce zero handles, the computation of
harmonization is now numerically robust (#5262)
* Fix glyph file names uXXXXX (#5333)
* Fix lookup flags parsing (#5338)
* Duplicate libfontforge.dll for "py" and "pyhook" tests. (#5335)
* Use consistent Python in MacOS GitHub runner (#5331)
* Update po files from Crowdin sources after fixing problems
* Fix GitHub CI runners (#5328)
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise Server 16.0
zypper in -t patch SUSE-SLES-16.0-286=1
* SUSE Linux Enterprise Server for SAP Applications 16.0
zypper in -t patch SUSE-SLES-16.0-286=1
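Before and after running the patch command it is useful to confirm, independently of zypper, that the installed fontforge build is at or above the fixed one. The following is an added example, not part of the SUSE advisory: the fixed version and release (20251009, 160000.1.1) are taken from the package list of this advisory, and the version comparison is a simplified reimplementation of rpm's rpmvercmp (tilde and caret ordering omitted), not the rpm library itself. The rpm query is only attempted when the rpm binary is present.

```python
"""Added example (not part of the SUSE advisory): check whether the
installed fontforge package is at or above the fixed build."""
import re
import shutil
import subprocess
from typing import Optional, Tuple

# From the package list in this advisory: fontforge-20251009-160000.1.1
FIXED_VERSION = "20251009"
FIXED_RELEASE = "160000.1.1"

_SEGMENT = re.compile(r"\d+|[A-Za-z]+")


def rpmvercmp(a: str, b: str) -> int:
    """Compare two rpm version or release strings, returning -1, 0 or 1.
    Simplified rpmvercmp: strings are split into runs of digits and letters
    ('.', '+', '-' and other separators only delimit); numeric runs compare
    as integers and a numeric run sorts after an alphabetic one, as in rpm.
    Tilde and caret handling is intentionally omitted."""
    sa, sb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(sa, sb):
        x_num, y_num = x.isdigit(), y.isdigit()
        if x_num and y_num:
            xi, yi = int(x), int(y)
            if xi != yi:
                return 1 if xi > yi else -1
        elif x_num != y_num:
            return 1 if x_num else -1
        elif x != y:
            return 1 if x > y else -1
    if len(sa) != len(sb):
        return 1 if len(sa) > len(sb) else -1
    return 0


def is_fixed(version: str, release: str) -> bool:
    """True if version-release is at or above the fixed fontforge build."""
    c = rpmvercmp(version, FIXED_VERSION)
    if c != 0:
        return c > 0
    return rpmvercmp(release, FIXED_RELEASE) >= 0


def installed_fontforge() -> Optional[Tuple[str, str]]:
    """Query rpm for the installed fontforge version and release; None if
    rpm is unavailable or the package is not installed."""
    if shutil.which("rpm") is None:
        return None
    proc = subprocess.run(
        ["rpm", "-q", "--qf", "%{VERSION} %{RELEASE}", "fontforge"],
        capture_output=True, text=True, check=False,
    )
    if proc.returncode != 0:
        return None
    version, release = proc.stdout.strip().split(" ", 1)
    return version, release


if __name__ == "__main__":
    found = installed_fontforge()
    if found is None:
        print("fontforge not installed (or rpm unavailable): nothing to do")
    elif is_fixed(*found):
        print("fontforge %s-%s already contains the fix" % found)
    else:
        print("fontforge %s-%s is vulnerable; run: "
              "zypper in -t patch SUSE-SLES-16.0-286=1" % found)
```

The pre-update build shipped under a snapshot version (20230101+git59.770356c9b, see the changelog above); because the first numeric segment is compared as an integer, that string sorts below 20251009 regardless of the git suffix, which is what makes date-based upstream versions safe to compare this way.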
## Package List:
* SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64)
* fontforge-20251009-160000.1.1
* fontforge-devel-20251009-160000.1.1
* fontforge-debugsource-20251009-160000.1.1
* fontforge-debuginfo-20251009-160000.1.1
* SUSE Linux Enterprise Server 16.0 (noarch)
* fontforge-doc-20251009-160000.1.1
* SUSE Linux Enterprise Server for SAP Applications 16.0 (ppc64le x86_64)
* fontforge-20251009-160000.1.1
* fontforge-devel-20251009-160000.1.1
* fontforge-debugsource-20251009-160000.1.1
* fontforge-debuginfo-20251009-160000.1.1
* SUSE Linux Enterprise Server for SAP Applications 16.0 (noarch)
* fontforge-doc-20251009-160000.1.1
## References:
* https://www.suse.com/security/cve/CVE-2025-15269.html
* https://www.suse.com/security/cve/CVE-2025-15275.html
* https://www.suse.com/security/cve/CVE-2025-15279.html
* https://www.suse.com/security/cve/CVE-2025-50949.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252652
* https://bugzilla.suse.com/show_bug.cgi?id=1256013
* https://bugzilla.suse.com/show_bug.cgi?id=1256025
* https://bugzilla.suse.com/show_bug.cgi?id=1256032
* https://jira.suse.com/browse/PED-14507