Security update for fontforge

Announcement ID:	SUSE-SU-2026:20435-1
Release Date:	2026-02-14T21:30:01Z
Rating:	important
References:	bsc#1252652 bsc#1256013 bsc#1256025 bsc#1256032 jsc#PED-14507
Cross-References:	CVE-2025-15269 CVE-2025-15275 CVE-2025-15279 CVE-2025-50949
CVSS scores:	CVE-2025-15269 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2025-15269 ( NVD ): 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2025-15275 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2025-15275 ( NVD ): 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2025-15279 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2025-15279 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2025-50949 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N CVE-2025-50949 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2025-50949 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Affected Products:	SUSE Linux Enterprise Server 16.0 SUSE Linux Enterprise Server for SAP Applications 16.0

An update that solves four vulnerabilities and contains one feature can now be installed.

Description:

This update for fontforge fixes the following issues:

Update to version 20251009.

Security issues fixed:

CVE-2025-15279: remote code execution via heap-based buffer overflow in BMP file parsing (bsc#1256013).
CVE-2025-15269: remote code execution via use-after-free in SFD file parsing (bsc#1256032).
CVE-2025-15275: arbitrary code execution via SFD file parsing buffer overflow (bsc#1256025).
CVE-2025-50949: memory leak in function DlgCreate8 (bsc#1252652).

Other updates and bugfixes:

fix multiple crashes in Multiple Masters.
fix crash for content over 32767 characters in GDraw multiline text field.
fix crash on Up/Down
fix crash in Metrics View.
fix UFO crash for empty contours.
fix crash issue in allmarkglyphs.
Version update to 20251009:
Update documentation for py scripts (#5180)
Update GitHub CI runners (#5328)
Update po files from Croudin sources. (#5330)
Use consistent Python in MacOS GitHub runner (#5331)
Fix CI for Windows GitHub runner (#5335)
Fix lookup flags parsing (#5338)
Fixes (#5332): glyph file names uXXXXX (#5333)
make harmonization robust and avoid zero handles after harmonization (#5262)
Quiet strict prototypes warnings. (#5313)
Fix crash in parsegvar() due to insufficient buffer (#5339)
Handle failed iconv conversion. Unhandled execution path was UB, causing a segfault for me (#5329)
Fix CMake function _get_git_version() (#5342)
Don't require individual tuple encapsulation in fontforge.font.bitmapSizes setter (#5138)
nltransform of anchor points (#5345)
Fix generateFontPostHook being called instead of generateFontPreHook (#5226)
Always set usDefaultChar to 0 (.notdef) (#5242)
add font attributes, method to Python docs (#5353)
fix segfault triggered by Python del c[i:j] (#5352)
Autoselect internal WOFF2 format (#5346)
Fix typos in the FAQ (#5355)
add font.style_set_names attribute to Python API (#5354)
Bulk tester (#5365)
Fix Splinefont shell invocation (#5367)
Fix the lists of Windows language IDs (#5359)
Support suplementary planes in SFD (emojis etc.) (#5364)
Remove psaltnames for multi-code-point names (#5305)
doc: added missing sudo to installation instructions (#5300)
Fix data corruption on SFD reading (#5380)
Compare vertical metrics check when generating TTC (#5372)
Treat FT_PIXEL_MODE_MONO as 2 grey levels (#5379)
Don't attempt to copy anchors into NULL font (#5405)
Fix export of supplementary plane characters in font name to TTF (#5396)
Defer crowdin update to the end of the pipeline (#5409)
Fix generated feature file bugs (#5384)
crowdin: update to java 17 (#5447)
Remove assert from Python script processor (#5410)
Use sysconfig for Python module locations (#5423)
Use PyConfig API on Python 3.8 (#5404)
Fix resource leak in unParseTTInstrs (#5476)
Only install GUI-specific files if ENABLE_GUI is set (#5451)
add math device tables to Python API (#5348)
Update CI runner to macOS 13 (#5482)
Allow hyphen and special characters in Feature File glyph names (#5358)
Fix Python font.appendSFNTName() function (#5494)
Update mm.c (#5386)
Warning rollup (probably some hidden bugs!) from clang trunk (#5492)
Fix function PyFFFont_addSmallCaps. (#5519)
Make SmallCaps() create symbols (#5517)
Segfault fix and complete implementation of "Don't generate FFTM tables" (#5509)
Modernize fixed pitch flag computation (#5506)
fix memleak in function utf7toutf8_copy (#5495)
Avoid crashes in Python scripts when objects are accessed in invalid state (#5483)
Fix CI for Ubuntu 24 (#5531)
Bump GitHub CI runner to Ubuntu 22 (#5551)
Fix memory corruption in SFUnicodeRanges() (#5537)
Add contour draw option to H.Metrics. (#5496)
Fix scaling of references in CharView (#5558)
Fix TTF validation on load for fixed pitch fonts (#5562)
Performance fixes for GSUB/GPOS dumps (#5547)
Simple GTK-based dialog with CSS appearance support (#5546)
Support Harfbuzz in Metrics View (#5522)
Update po files from crowdin translations (#5575)
Be more clever about label text in gtextfield (#5583)
Add minimal support for GDEF version 1.3 (#5584)
Sanitize messages from python (#5589)
Fix a crash caused by deleting a glyph with vertical kerning pairs. (#5592)
THEME -> GUI_THEME (#5596)
Update po translations from Crowdin (#5593)
Upgrade to Unicode 16.0.0 (#5594)
Fix Linux AppImage (#5599)
Upgrade to Unicode 17.0.0 and extend the language and script lists (#5618)
Remove X11 and non-Cairo drawing backends (#5612)
Add macOS dependency setup script (#5563)
Fix hotkeys in BitmapView (#5626)
Manually install Inno Setup 6 (#5621)
Remove cv->back_img_out_of_date and cv->backimgs (#5625)
fix spelling "bt" -> "but" (#5636)
Fix typos in Python module docs (#5634)
Version update to 20230101+git59.770356c9b:
Add contour draw option to H.Metrics. (#5496)
Fix memory corruption in SFUnicodeRanges() (#5537)
Bump GitHub CI runner to Ubuntu 22 (#5551)
Fix CI for Ubuntu 24 (#5531)
Avoid crashes in Python scripts when objects are accessed in invalid state (#5483)
fix memleak in function utf7toutf8_copy (#5495)
Modernize fixed pitch flag computation (#5506)
Segfault fix and complete implementation of "Don't generate FFTM tables" (#5509)
Make SmallCaps() translate symbols, too. Update documentation accordingly. (#5517)
Fix function PyFFFont_addSmallCaps. (#5519)
Warning rollup (probably some hidden bugs!) from clang trunk (#5492)
Update mm.c (#5386)
fix memleak in function DlgCreate8 (#5491)
Fix Python font.appendSFNTName() function (#5494)
Allow hyphen and special characters in Feature File glyph names (#5358)
Update CI runner to macOS 13 (#5482)
add math device tables to Python API (#5348)
Only install GUI-specific files if ENABLE_GUI is set (#5451)
Fix resource leak in unParseTTInstrs (#5476)
Use PyConfig API on Python 3.8 (#5404)
Use sysconfig for Python module locations (#5423)
More crowdin fix
Python script shall trigger no asserts (#5410)
crowdin: update to java 17 (#5447)
try fix crowdin
Fix generated feature file bugs (#5384)
Defer crowdin update to the end of the pipeline (#5409)
Fix export of supplementary plane characters in font name to TTF (#5396)
Don't attempt to copy anchors into NULL font (#5405)
Treat FT_PIXEL_MODE_MONO as 2 grey levels (#5379)
Compare vertical metrics check when generating TTC (#5372)
Fix data corruption on SFD reading (#5380)
doc: added missing sudo to installation instructions (#5300)
Remove psaltnames for multi-code-point names (#5305)
Support suplementary planes in SFD (emojis etc.) (#5364)
Fix the lists of Windows language IDs (#5359)
fix splinefont shell command injection (#5367)
Bulk tester (#5365)
add font.style_set_names attribute to Python API (#5354)
Fix typos in the FAQ (#5355)
Autoselect internal WOFF2 format (#5346)
fix segfault triggered by Python del c[i:j] (#5352)
add font attributes, method to Python docs (#5353)
Always set usDefaultChar to 0 (.notdef) (#5242)
Fix generateFontPostHook being called instead of generateFontPreHook (#5226)
nltransform of anchor points (#5345)
Don't require individual tuple encapsulation in fontforge.font.bitmapSizes setter (#5138)
Fix CMake function _get_git_version() (#5342)
Handle failed iconv conversion. Unhandled execution path was UB, causing a segfault for me (#5329)
Fix crash in parsegvar() due to insufficient buffer (#5339)
Quiet strict prototypes warnings. (#5313)
harmonizing can now no longer produce zero handles, the computation of harmonization is now numerically robust (#5262)
Fix glyph file names uXXXXX (#5333)
Fix lookup flags parsing (#5338)
Duplicate libfontforge.dll for "py" and "pyhook" tests. (#5335)
Use consistent Python in MacOS GitHub runner (#5331)
Update po files from Croudin sources after fixing problems
Fix GinHub CI runners (#5328)

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

SUSE Linux Enterprise Server 16.0
zypper in -t patch SUSE-SLES-16.0-286=1
SUSE Linux Enterprise Server for SAP Applications 16.0
zypper in -t patch SUSE-SLES-16.0-286=1

Package List:

SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64)
- fontforge-20251009-160000.1.1
- fontforge-devel-20251009-160000.1.1
- fontforge-debugsource-20251009-160000.1.1
- fontforge-debuginfo-20251009-160000.1.1
SUSE Linux Enterprise Server 16.0 (noarch)
- fontforge-doc-20251009-160000.1.1
SUSE Linux Enterprise Server for SAP Applications 16.0 (ppc64le x86_64)
- fontforge-20251009-160000.1.1
- fontforge-devel-20251009-160000.1.1
- fontforge-debugsource-20251009-160000.1.1
- fontforge-debuginfo-20251009-160000.1.1
SUSE Linux Enterprise Server for SAP Applications 16.0 (noarch)
- fontforge-doc-20251009-160000.1.1

Security update for fontforge

Description:

Patch Instructions:

Package List:

References: