Mageia alert MGASA-2026-0034 (fontforge) [LWN.net]


From:
               Mageia Updates <updates-announce@ml.mageia.org>
To:
               updates-announce@ml.mageia.org
Subject:
               [updates-announce] MGASA-2026-0034: Updated fontforge packages fix security vulnerabilities
Date:
               Mon, 09 Feb 2026 20:57:15 +0100
Message-ID:
               <20260209195715.324509FC8F@duvel.mageia.org>
Archive-link:
               Article
MGASA-2026-0034 - Updated fontforge packages fix security vulnerabilities

Publication date: 09 Feb 2026
URL: https://advisories.mageia.org/MGASA-2026-0034.html
Type: security
Affected Mageia releases: 9
CVE: CVE-2025-15269,
     CVE-2025-15270,
     CVE-2025-15275,
     CVE-2025-15279

Description:
FontForge SFD File Parsing Use-After-Free Remote Code Execution
Vulnerability. (CVE-2025-15269)
FontForge SFD File Parsing Improper Validation of Array Index Remote
Code Execution Vulnerability. (CVE-2025-15270)
FontForge SFD File Parsing Heap-based Buffer Overflow Remote Code
Execution Vulnerability. (CVE-2025-15275)
FontForge GUtils BMP File Parsing Heap-based Buffer Overflow Remote Code
Execution Vulnerability. (CVE-2025-15279)

References:
- https://bugs.mageia.org/show_bug.cgi?id=35091
-
https://lists.fedoraproject.org/archives/list/package-ann...
- https://github.com/advisories/GHSA-hp8x-4h95-9799
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1...
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1...
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1...
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1...

SRPMS:
- 9/core/fontforge-20220308-2.2.mga9

From:		Mageia Updates <updates-announce@ml.mageia.org>
To:		updates-announce@ml.mageia.org
Subject:		[updates-announce] MGASA-2026-0034: Updated fontforge packages fix security vulnerabilities
Date:		Mon, 09 Feb 2026 20:57:15 +0100
Message-ID:		<20260209195715.324509FC8F@duvel.mageia.org>
Archive-link:		Article