Threats Tagged 'cve-2025-15279'

Multiple security vulnerabilities have been identified in FontForge, a font editor supporting various font formats. These include remote code execution via a heap-based buffer overflow in BMP file parsing (CVE-2025-15279), remote code execution via a use-after-free in SFD file parsing (CVE-2025-15269), and arbitrary code execution via a buffer overflow in SFD file parsing (CVE-2025-15275). Red Hat has issued an important security advisory with updates for affected Red Hat Enterprise Linux 10. 0 Extended Update Support versions. The vulnerabilities could allow an attacker to execute arbitrary code remotely by processing crafted font files. Red Hat provides updated packages to address these issues. No known exploits in the wild have been reported at this time.

Multiple vulnerabilities in FontForge, a font editor supporting various font formats, have been identified and addressed by Red Hat. These include remote code execution via a heap-based buffer overflow in BMP file parsing (CVE-2025-15279), remote code execution via a use-after-free in SFD file parsing (CVE-2025-15269), and arbitrary code execution via a buffer overflow in SFD file parsing (CVE-2025-15275). The vulnerabilities affect Red Hat Enterprise Linux 10 and related CodeReady Linux Builder products. Red Hat has released updated packages to fix these issues. No known exploits in the wild have been reported. The advisory rates the security impact as Important (high severity).

Multiple security vulnerabilities have been identified in FontForge, a font editor supporting various font formats. These include remote code execution via a heap-based buffer overflow in BMP file parsing (CVE-2025-15279), remote code execution via a use-after-free in SFD file parsing (CVE-2025-15269), and arbitrary code execution via an SFD file parsing buffer overflow (CVE-2025-15275). The vulnerabilities affect Red Hat Enterprise Linux 9 and related CodeReady Linux Builder products. Red Hat has issued an important security advisory with updates to address these issues.

Multiple remote code execution vulnerabilities have been identified in FontForge, a font editor supporting various font formats. These include a heap-based buffer overflow in BMP file parsing (CVE-2025-15279), a use-after-free vulnerability in SFD file parsing (CVE-2025-15269), and a buffer overflow in SFD file parsing (CVE-2025-15275). These flaws could allow an attacker to execute arbitrary code remotely. Red Hat has issued an important security update for affected versions of FontForge in Red Hat Enterprise Linux 9. 6 Extended Update Support. The update addresses these vulnerabilities to prevent exploitation. Users of the affected Red Hat products are advised to apply the provided update as detailed in the Red Hat advisory.

Multiple security vulnerabilities have been identified in FontForge, a font editor supporting various font formats. These include command injection via crafted archives, compressed files, and filenames, as well as remote code execution through heap-based buffer overflow, use-after-free, and buffer overflow in SFD and BMP file parsing. The vulnerabilities affect Red Hat Enterprise Linux 9. 4 Extended Update Support and related products. Red Hat has issued a security advisory with updated packages to address these issues. The overall security impact is rated as Important by Red Hat Product Security.

Multiple remote code execution vulnerabilities have been identified in FontForge, a font editor supporting various font formats. These include heap-based buffer overflow and use-after-free issues in BMP and SFD file parsing. The vulnerabilities affect Red Hat Enterprise Linux 8 and related packages. Red Hat has issued a security advisory with updated packages to address these issues. No known exploits are reported in the wild at this time.

Multiple security vulnerabilities have been identified in FontForge, a font editor supporting various font formats. These include remote code execution via a heap-based buffer overflow in BMP file parsing (CVE-2025-15279), remote code execution via a use-after-free in SFD file parsing (CVE-2025-15269), and arbitrary code execution via a buffer overflow in SFD file parsing (CVE-2025-15275). These issues affect Red Hat Enterprise Linux 7 Extended Lifecycle Support versions of FontForge. Red Hat has released an important security update addressing these vulnerabilities. Users of affected Red Hat Enterprise Linux versions should apply the update as detailed in the Red Hat advisory to mitigate these risks.