{"id":"MGASA-2026-0034","summary":"Updated fontforge packages fix security vulnerabilities","details":"FontForge SFD File Parsing Use-After-Free Remote Code Execution\nVulnerability. (CVE-2025-15269)\nFontForge SFD File Parsing Improper Validation of Array Index Remote\nCode Execution Vulnerability. (CVE-2025-15270)\nFontForge SFD File Parsing Heap-based Buffer Overflow Remote Code\nExecution Vulnerability. (CVE-2025-15275)\nFontForge GUtils BMP File Parsing Heap-based Buffer Overflow Remote Code\nExecution Vulnerability. (CVE-2025-15279)\n","modified":"2026-02-09T20:28:53.450239Z","published":"2026-02-09T19:56:34Z","related":["CVE-2025-15269","CVE-2025-15270","CVE-2025-15275","CVE-2025-15279"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2026-0034.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=35091"},{"type":"REPORT","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NFM3OPUTYR55GA65K3XOPK3FXAH7EWEJ/"},{"type":"REPORT","url":"https://github.com/advisories/GHSA-hp8x-4h95-9799"}],"affected":[{"package":{"name":"fontforge","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/fontforge?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"20220308-2.2.mga9"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2026-0034.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}