fontforge/fontforge-CVE-2025-15275.patch
Takashi Iwai a795bf75a1
- Add fontforge-fix-multiple-crashes-in-Multiple-Masters.patch:
  Backport dfe5c803 from upstream, Fix multiple crashes in Multiple
  Masters.
- Add fontforge-fix-crash-for-content-over-32767-characters-in-GDraw.patch:
  Backport 0df57ac0 from upstream, fix crash for content over 32767
  characters in GDraw multiline text field.
- Add fontforge-CVE-2025-15279-part02_720ea950.patch:
  Backport 720ea950 from upstream, Move bounds check inside
  cnt >= 3 block.
  (CVE-2025-15279, ZDI-CAN-27517, bsc#1256013)
- Add fontforge-CVE-2025-15269.patch:
  Backport 6aea6db5 from upstream, Use-after-free in SFD ligature
  parsing.
  (CVE-2025-15269, ZDI-25-1195, ZDI-CAN-28564, bsc#1256032)
- Add fontforge-CVE-2025-15275.patch:
  Backport 71954027 from upstream, Fix heap buffer overflow in SFD
  image parsing.
  (CVE-2025-15275 ZDI-25-1189 ZDI-CAN-28543 bsc#1256025)
- Add fontforge-CVE-2025-15279-part01_7d67700c.patch:
  Backport 7d67700c from upstream, Fix heap buffer overflow in BMP
  RLE decompression.
  (CVE-2025-15279, ZDI-CAN-27517, bsc#1256013)
- Add fontforge-fix-crash-on-UpDown-keypress-in-the-feature-list.patch:
  Backport aca4f524 from upstream, Metrics view: Fix crash on Up/Down
  keypress while in the feature list.
- Add fontforge-fix-crash-in-Metrics-View.patch
  Backport 46dc37435 from upstream, Fix crash in Metrics View.
- Add fontforge-fix-UFO-crash-for-empty-contours.patch
  Backport 77b1b148 from upstream, Fix UFO crash for empty contours.
- Add fontforge-fix-crash-issue-in-allmarkglyphs.patch:
  Backport 9d793fe9 from upstream, fix crash issue in allmarkglyphs.

OBS-URL: https://build.opensuse.org/package/show/M17N/fontforge?expand=0&rev=107
2026-01-28 15:58:17 +00:00


From 7195402701ace7783753ef9424153eff48c9af44 Mon Sep 17 00:00:00 2001
From: Ahmet Furkan Kavraz
<55850855+ahmetfurkankavraz@users.noreply.github.com>
Date: Fri, 9 Jan 2026 16:58:23 +0100
Subject: [PATCH] Fix CVE-2025-15275: Heap buffer overflow in SFD image parsing
(#5721)
Fixes: CVE-2025-15275 | ZDI-25-1189 | ZDI-CAN-28543
Co-authored-by: Ahmet Furkan Kavraz <kavraz@amazon.com>
---
fontforge/sfd.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/fontforge/sfd.c b/fontforge/sfd.c
index 6b980a478..0590c119f 100644
--- a/fontforge/sfd.c
+++ b/fontforge/sfd.c
@@ -3653,6 +3653,10 @@ static ImageList *SFDGetImage(FILE *sfd) {
getint(sfd,&image_type);
getint(sfd,&bpl);
getint(sfd,&clutlen);
+ if ( clutlen < 0 || clutlen > 256 ) {
+ LogError(_("Invalid clut length %d in sfd file, must be between 0 and 256"), clutlen);
+ return NULL;
+ }
gethex(sfd,&trans);
image = GImageCreate(image_type,width,height);
base = image->list_len==0?image->u.image:image->u.images[0];
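Review bot: the new range check in SFDGetImage covers only clutlen, while image_type and bpl are read from the same file by the getint calls directly above it and are not validated in this hunk; image_type is passed to GImageCreate(image_type,width,height) two lines later as read. If either value feeds a size or an index further down the function, it should get the same kind of check, placed next to this one. Two smaller points: the bound 256 appears as a bare literal in both the condition and the message, so a named constant (or a comment saying which buffer it matches) would keep the two from drifting apart; and the early return NULL happens with the rest of the image record still unread in sfd, so it is worth confirming that the caller tolerates a NULL result and does not go on parsing from the middle of that record.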
--
2.49.0