A critical vulnerability (CVE-2025-15270, CVSS 8.8) in FontForge allows remote code execution via the parsing of a malicious SFD font file. The affected version is fontforge 2025-11-17. Users should upgrade to a patched version, which for Red Hat Enterprise Linux 10.0 Extended Update Support is provided in the security update RHSA-2026:8875.
Red Hat Product Errata RHSA-2026:8875 - Security Advisory Issued: 2026-04-20 Updated: 2026-04-20 RHSA-2026:8875 - Security Advisory Overview Updated Packages Synopsis Important: fontforge security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for fontforge is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description FontForge is a font editor for outline and bitmap fonts. It supports a range of font formats, including PostScript (ASCII and binary Type 1, some Type 3 and Type 0), TrueType, OpenType (Type2) and CID-keyed fonts. Security Fix(es): fontforge: FontForge: Remote Code Execution via malicious SFD file parsing (CVE-2025-15270) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 10.0 x86_64 Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 10.0 ppc64le Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 10.0 s390x Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 10.0 aarch64 Fixes BZ - 2426434 - CVE-2025-15270 fontforge: FontForge: Remote Code Execution via malicious SFD file parsing CVEs CVE-2025-15270 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 10.0 SRPM fontforge-20230101-15.el10_0.src.rpm SHA-256: 826f45ea77514a67187a06a2c27769e4c06c545d6e7203bfa2de7f4d38dc104c x86_64 fontforge-20230101-15.el10_0.x86_64.rpm SHA-256: 8fac5f9b1cd76b5880f53d17aefd22316158e02406513523d6fc5dfc283286a7 fontforge-debuginfo-20230101-15.el10_0.x86_64.rpm SHA-256: e733a476e8547bfe907be63de56a09d6ffb291bffc3d741383fab46e81cd3853 fontforge-debugsource-20230101-15.el10_0.x86_64.rpm SHA-256: fff134ad208f8b362172feb469b7d76e1c040eb004f372c953c978fe504910da Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 10.0 SRPM fontforge-20230101-15.el10_0.src.rpm SHA-256: 826f45ea77514a67187a06a2c27769e4c06c545d6e7203bfa2de7f4d38dc104c ppc64le fontforge-20230101-15.el10_0.ppc64le.rpm SHA-256: 756778b39b505d4bc939d1b1244124b49ed78baecc411d784e49e7112e2c5577 fontforge-debuginfo-20230101-15.el10_0.ppc64le.rpm SHA-256: 5fed499aa33f7ef5d3dc61de938475390ba8f8083b1ab5033e9ad4f36fa1edb5 fontforge-debugsource-20230101-15.el10_0.ppc64le.rpm SHA-256: 282ea75a1a7ee30239820ed9265e8cf10f471c70ebac2a44be09ff3a852759ac Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 10.0 SRPM fontforge-20230101-15.el10_0.src.rpm SHA-256: 826f45ea77514a67187a06a2c27769e4c06c545d6e7203bfa2de7f4d38dc104c s390x fontforge-20230101-15.el10_0.s390x.rpm SHA-256: f5a9679fa34d7ef0fd07f2fd24a0f5d78e3356cc293207162629de937b27f2ab fontforge-debuginfo-20230101-15.el10_0.s390x.rpm SHA-256: 99e327f3699a9347bb8f47e63b434fd996d85b3eb51de5c2d0f8b41bfa4699c3 fontforge-debugsource-20230101-15.el10_0.s390x.rpm SHA-256: 91a2ba88ca9da832da8f13d40c7365f4dc4e6b08fc443ad9e98fbe2f0c60a276 Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 10.0 SRPM fontforge-20230101-15.el10_0.src.rpm SHA-256: 826f45ea77514a67187a06a2c27769e4c06c545d6e7203bfa2de7f4d38dc104c aarch64 fontforge-20230101-15.el10_0.aarch64.rpm SHA-256: a87517593b0891d98e973906d9d880038602acbc25494d1fec148c1af4ede3c5 fontforge-debuginfo-20230101-15.el10_0.aarch64.rpm SHA-256: b0c77839f98f203c05985bbbd4ad61f66aedf1b720f973604cc0d4880da1d928 fontforge-debugsource-20230101-15.el10_0.aarch64.rpm SHA-256: a7772915c1a4b5f005b35b66e07b910796bcde29e72595e3942a50a9f3658140 The Red Hat security contact is secalert@redhat.com . More contact details at https://access.redhat.com/security/team/contact/ .