{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"important"},"category":"csaf_vex","csaf_version":"2.0","distribution":{"text":"Copyright 2024 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"SUSE CVE-2025-15275","title":"Title"},{"category":"description","text":"FontForge SFD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of SFD files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-28543.","title":"Description of the CVE"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"external","summary":"CVE-2025-15275","url":"https://www.suse.com/security/cve/CVE-2025-15275"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"external","summary":"SUSE Bug 1256025 for CVE-2025-15275","url":"https://bugzilla.suse.com/1256025"},{"category":"external","summary":"Advisory link for RHSA-2026:2213","url":"https://lists.suse.com/pipermail/suse-liberty-linux-updates/2026-February/002480.html"},{"category":"external","summary":"Advisory link for SUSE-SU-2026:20435-1","url":"https://lists.suse.com/pipermail/sle-security-updates/2026-February/024340.html"}],"title":"SUSE CVE CVE-2025-15275","tracking":{"current_release_date":"2026-03-13T14:22:38Z","generator":{"date":"2026-01-07T00:25:49Z","engine":{"name":"cve-database.git:bin/generate-csaf-vex.pl","version":"1"}},"id":"CVE-2025-15275","initial_release_date":"2026-01-07T00:25:49Z","revision_history":[{"date":"2026-01-07T00:25:49Z","number":"2","summary":"vulnerabilities added,references added,severity changed from  to important"},{"date":"2026-01-13T00:53:20Z","number":"3","summary":"more updates marked as affected"},{"date":"2026-01-31T00:37:27Z","number":"4","summary":"scores added,updates released,more updates marked as affected"},{"date":"2026-02-12T00:38:42Z","number":"5","summary":"more updates released,references added"},{"date":"2026-02-16T00:49:15Z","number":"6","summary":"updates entered QA"},{"date":"2026-02-18T00:29:25Z","number":"7","summary":"more updates released"},{"date":"2026-02-22T00:30:52Z","number":"8","summary":"more updates released,references added"},{"date":"2026-03-11T17:27:51Z","number":"9","summary":"unknown changes"},{"date":"2026-03-13T14:22:38Z","number":"10","summary":"unknown changes"}],"status":"interim","version":"10"}},"product_tree":{"branches":[{"branches":[{"branches":[{"category":"product_name","name":"SUSE Liberty Linux 9","product":{"name":"SUSE Liberty Linux 9","product_id":"SUSE Liberty Linux 9","product_identification_helper":{"cpe":"cpe:/o:suse:sll:9"}}},{"category":"product_name","name":"SUSE Linux Enterprise Desktop 15 SP7","product":{"name":"SUSE Linux Enterprise Desktop 15 SP7","product_id":"SUSE Linux Enterprise Desktop 15 SP7","product_identification_helper":{"cpe":"cpe:/o:suse:sled:15:sp7"}}},{"category":"product_name","name":"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS","product":{"name":"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS","product_id":"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS","product_identification_helper":{"cpe":"cpe:/o:suse:sle_hpc-ltss:15:sp4"}}},{"category":"product_name","name":"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS","product":{"name":"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS","product_id":"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS","product_identification_helper":{"cpe":"cpe:/o:suse:sle_hpc-ltss:15:sp5"}}},{"category":"product_name","name":"SUSE Linux Enterprise High Performance Computing 15 SP7","product":{"name":"SUSE Linux Enterprise High Performance Computing 15 SP7","product_id":"SUSE Linux Enterprise High Performance Computing 15 SP7","product_identification_helper":{"cpe":"cpe:/o:suse:sle_hpc:15:sp7"}}},{"category":"product_name","name":"SUSE Linux Enterprise Module for Desktop Applications 15 SP7","product":{"name":"SUSE Linux Enterprise Module for Desktop Applications 15 SP7","product_id":"SUSE Linux Enterprise Module for Desktop Applications 15 SP7","product_identification_helper":{"cpe":"cpe:/o:suse:sle-module-desktop-applications:15:sp7"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server 15 SP2-LTSS","product":{"name":"SUSE Linux Enterprise Server 15 SP2-LTSS","product_id":"SUSE Linux Enterprise Server 15 SP2-LTSS","product_identification_helper":{"cpe":"cpe:/o:suse:sles-ltss:15:sp2"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server 15 SP3-LTSS","product":{"name":"SUSE Linux Enterprise Server 15 SP3-LTSS","product_id":"SUSE Linux Enterprise Server 15 SP3-LTSS","product_identification_helper":{"cpe":"cpe:/o:suse:sles-ltss:15:sp3"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server 15 SP4-LTSS","product":{"name":"SUSE Linux Enterprise Server 15 SP4-LTSS","product_id":"SUSE Linux Enterprise Server 15 SP4-LTSS","product_identification_helper":{"cpe":"cpe:/o:suse:sles-ltss:15:sp4"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server 15 SP5-LTSS","product":{"name":"SUSE Linux Enterprise Server 15 SP5-LTSS","product_id":"SUSE Linux Enterprise Server 15 SP5-LTSS","product_identification_helper":{"cpe":"cpe:/o:suse:sles-ltss:15:sp5"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server 15 SP6-LTSS","product":{"name":"SUSE Linux Enterprise Server 15 SP6-LTSS","product_id":"SUSE Linux Enterprise Server 15 SP6-LTSS","product_identification_helper":{"cpe":"cpe:/o:suse:sles-ltss:15:sp6"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server 15 SP7","product":{"name":"SUSE Linux Enterprise Server 15 SP7","product_id":"SUSE Linux Enterprise Server 15 SP7","product_identification_helper":{"cpe":"cpe:/o:suse:sles:15:sp7"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server 16.0","product":{"name":"SUSE Linux Enterprise Server 16.0","product_id":"SUSE Linux Enterprise Server 16.0","product_identification_helper":{"cpe":"cpe:/o:suse:sles:16:16.0:server"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server Teradata 15 SP4","product":{"name":"SUSE Linux Enterprise Server Teradata 15 SP4","product_id":"SUSE Linux Enterprise Server Teradata 15 SP4","product_identification_helper":{"cpe":"cpe:/o:suse:sles_teradata:15:sp4"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server for SAP Applications 15 SP4","product":{"name":"SUSE Linux Enterprise Server for SAP Applications 15 SP4","product_id":"SUSE Linux Enterprise Server for SAP Applications 15 SP4","product_identification_helper":{"cpe":"cpe:/o:suse:sles_sap:15:sp4"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server for SAP Applications 15 SP5","product":{"name":"SUSE Linux Enterprise Server for SAP Applications 15 SP5","product_id":"SUSE Linux Enterprise Server for SAP Applications 15 SP5","product_identification_helper":{"cpe":"cpe:/o:suse:sles_sap:15:sp5"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server for SAP Applications 15 SP6","product":{"name":"SUSE Linux Enterprise Server for SAP Applications 15 SP6","product_id":"SUSE Linux Enterprise Server for SAP Applications 15 SP6","product_identification_helper":{"cpe":"cpe:/o:suse:sles_sap:15:sp6"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server for SAP Applications 15 SP7","product":{"name":"SUSE Linux Enterprise Server for SAP Applications 15 SP7","product_id":"SUSE Linux Enterprise Server for SAP Applications 15 SP7","product_identification_helper":{"cpe":"cpe:/o:suse:sles_sap:15:sp7"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server for SAP applications 16.0","product":{"name":"SUSE Linux Enterprise Server for SAP applications 16.0","product_id":"SUSE Linux Enterprise Server for SAP applications 16.0","product_identification_helper":{"cpe":"cpe:/o:suse:sles:16:16.0:server-sap"}}},{"category":"product_name","name":"openSUSE Leap 15.6","product":{"name":"openSUSE Leap 15.6","product_id":"openSUSE Leap 15.6","product_identification_helper":{"cpe":"cpe:/o:opensuse:leap:15.6"}}},{"category":"product_name","name":"openSUSE Leap 16.0","product":{"name":"openSUSE Leap 16.0","product_id":"openSUSE Leap 16.0"}},{"category":"product_name","name":"openSUSE Tumbleweed","product":{"name":"openSUSE Tumbleweed","product_id":"openSUSE Tumbleweed","product_identification_helper":{"cpe":"cpe:/o:opensuse:tumbleweed"}}},{"category":"product_version","name":"fontforge","product":{"name":"fontforge","product_id":"fontforge","product_identification_helper":{"cpe":"cpe:2.3:a:fontforge:fontforge:*:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/fontforge@?upstream=fontforge.src.rpm"}}},{"category":"product_version","name":"fontforge-20201107-7.el9_6","product":{"name":"fontforge-20201107-7.el9_6","product_id":"fontforge-20201107-7.el9_6","product_identification_helper":{"cpe":"cpe:2.3:a:fontforge:fontforge:20201107:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/fontforge@20201107-7.el9_6?upstream=fontforge-20201107-7.el9_6.src.rpm"}}},{"category":"product_version","name":"fontforge-20251009-160000.1.1","product":{"name":"fontforge-20251009-160000.1.1","product_id":"fontforge-20251009-160000.1.1","product_identification_helper":{"cpe":"cpe:2.3:a:fontforge:fontforge:20251009:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/fontforge@20251009-160000.1.1?upstream=fontforge-20251009-160000.1.1.src.rpm"}}},{"category":"product_version","name":"fontforge-20251009-4.1","product":{"name":"fontforge-20251009-4.1","product_id":"fontforge-20251009-4.1","product_identification_helper":{"cpe":"cpe:2.3:a:fontforge:fontforge:20251009:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/fontforge@20251009-4.1?upstream=fontforge-20251009-4.1.src.rpm"}}},{"category":"product_version","name":"fontforge-devel","product":{"name":"fontforge-devel","product_id":"fontforge-devel","product_identification_helper":{"cpe":"cpe:2.3:a:fontforge:fontforge:*:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/fontforge-devel@?upstream=fontforge.src.rpm"}}},{"category":"product_version","name":"fontforge-devel-20251009-160000.1.1","product":{"name":"fontforge-devel-20251009-160000.1.1","product_id":"fontforge-devel-20251009-160000.1.1","product_identification_helper":{"cpe":"cpe:2.3:a:fontforge:fontforge:20251009:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/fontforge-devel@20251009-160000.1.1?upstream=fontforge-20251009-160000.1.1.src.rpm"}}},{"category":"product_version","name":"fontforge-devel-20251009-4.1","product":{"name":"fontforge-devel-20251009-4.1","product_id":"fontforge-devel-20251009-4.1","product_identification_helper":{"cpe":"cpe:2.3:a:fontforge:fontforge:20251009:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/fontforge-devel@20251009-4.1?upstream=fontforge-20251009-4.1.src.rpm"}}},{"category":"product_version","name":"fontforge-doc","product":{"name":"fontforge-doc","product_id":"fontforge-doc","product_identification_helper":{"cpe":"cpe:2.3:a:fontforge:fontforge:*:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/fontforge-doc@?upstream=fontforge.src.rpm"}}},{"category":"product_version","name":"fontforge-doc-20251009-160000.1.1","product":{"name":"fontforge-doc-20251009-160000.1.1","product_id":"fontforge-doc-20251009-160000.1.1","product_identification_helper":{"cpe":"cpe:2.3:a:fontforge:fontforge:20251009:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/fontforge-doc@20251009-160000.1.1?upstream=fontforge-20251009-160000.1.1.src.rpm"}}},{"category":"product_version","name":"fontforge-doc-20251009-4.1","product":{"name":"fontforge-doc-20251009-4.1","product_id":"fontforge-doc-20251009-4.1","product_identification_helper":{"cpe":"cpe:2.3:a:fontforge:fontforge:20251009:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/fontforge-doc@20251009-4.1?upstream=fontforge-20251009-4.1.src.rpm"}}}],"category":"product_family","name":"SUSE Linux Enterprise"}],"category":"vendor","name":"SUSE"}],"relationships":[{"category":"default_component_of","full_product_name":{"name":"fontforge-20201107-7.el9_6 as component of SUSE Liberty Linux 9","product_id":"SUSE Liberty Linux 9:fontforge-20201107-7.el9_6"},"product_reference":"fontforge-20201107-7.el9_6","relates_to_product_reference":"SUSE Liberty Linux 9"},{"category":"default_component_of","full_product_name":{"name":"fontforge-20251009-160000.1.1 as component of SUSE Linux Enterprise Server 16.0","product_id":"SUSE Linux Enterprise Server 16.0:fontforge-20251009-160000.1.1"},"product_reference":"fontforge-20251009-160000.1.1","relates_to_product_reference":"SUSE Linux Enterprise Server 16.0"},{"category":"default_component_of","full_product_name":{"name":"fontforge-devel-20251009-160000.1.1 as component of SUSE Linux Enterprise Server 16.0","product_id":"SUSE Linux Enterprise Server 16.0:fontforge-devel-20251009-160000.1.1"},"product_reference":"fontforge-devel-20251009-160000.1.1","relates_to_product_reference":"SUSE Linux Enterprise Server 16.0"},{"category":"default_component_of","full_product_name":{"name":"fontforge-doc-20251009-160000.1.1 as component of SUSE Linux Enterprise Server 16.0","product_id":"SUSE Linux Enterprise Server 16.0:fontforge-doc-20251009-160000.1.1"},"product_reference":"fontforge-doc-20251009-160000.1.1","relates_to_product_reference":"SUSE Linux Enterprise Server 16.0"},{"category":"default_component_of","full_product_name":{"name":"fontforge-20251009-160000.1.1 as component of SUSE Linux Enterprise Server for SAP applications 16.0","product_id":"SUSE Linux Enterprise Server for SAP applications 16.0:fontforge-20251009-160000.1.1"},"product_reference":"fontforge-20251009-160000.1.1","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP applications 16.0"},{"category":"default_component_of","full_product_name":{"name":"fontforge-devel-20251009-160000.1.1 as component of SUSE Linux Enterprise Server for SAP applications 16.0","product_id":"SUSE Linux Enterprise Server for SAP applications 16.0:fontforge-devel-20251009-160000.1.1"},"product_reference":"fontforge-devel-20251009-160000.1.1","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP applications 16.0"},{"category":"default_component_of","full_product_name":{"name":"fontforge-doc-20251009-160000.1.1 as component of SUSE Linux Enterprise Server for SAP applications 16.0","product_id":"SUSE Linux Enterprise Server for SAP applications 16.0:fontforge-doc-20251009-160000.1.1"},"product_reference":"fontforge-doc-20251009-160000.1.1","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP applications 16.0"},{"category":"default_component_of","full_product_name":{"name":"fontforge-20251009-160000.1.1 as component of openSUSE Leap 16.0","product_id":"openSUSE Leap 16.0:fontforge-20251009-160000.1.1"},"product_reference":"fontforge-20251009-160000.1.1","relates_to_product_reference":"openSUSE Leap 16.0"},{"category":"default_component_of","full_product_name":{"name":"fontforge-devel-20251009-160000.1.1 as component of openSUSE Leap 16.0","product_id":"openSUSE Leap 16.0:fontforge-devel-20251009-160000.1.1"},"product_reference":"fontforge-devel-20251009-160000.1.1","relates_to_product_reference":"openSUSE Leap 16.0"},{"category":"default_component_of","full_product_name":{"name":"fontforge-doc-20251009-160000.1.1 as component of openSUSE Leap 16.0","product_id":"openSUSE Leap 16.0:fontforge-doc-20251009-160000.1.1"},"product_reference":"fontforge-doc-20251009-160000.1.1","relates_to_product_reference":"openSUSE Leap 16.0"},{"category":"default_component_of","full_product_name":{"name":"fontforge-20251009-4.1 as component of openSUSE Tumbleweed","product_id":"openSUSE Tumbleweed:fontforge-20251009-4.1"},"product_reference":"fontforge-20251009-4.1","relates_to_product_reference":"openSUSE Tumbleweed"},{"category":"default_component_of","full_product_name":{"name":"fontforge-devel-20251009-4.1 as component of openSUSE Tumbleweed","product_id":"openSUSE Tumbleweed:fontforge-devel-20251009-4.1"},"product_reference":"fontforge-devel-20251009-4.1","relates_to_product_reference":"openSUSE Tumbleweed"},{"category":"default_component_of","full_product_name":{"name":"fontforge-doc-20251009-4.1 as component of openSUSE Tumbleweed","product_id":"openSUSE Tumbleweed:fontforge-doc-20251009-4.1"},"product_reference":"fontforge-doc-20251009-4.1","relates_to_product_reference":"openSUSE Tumbleweed"},{"category":"default_component_of","full_product_name":{"name":"fontforge as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS","product_id":"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:fontforge"},"product_reference":"fontforge","relates_to_product_reference":"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"},{"category":"default_component_of","full_product_name":{"name":"fontforge as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS","product_id":"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:fontforge"},"product_reference":"fontforge","relates_to_product_reference":"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"},{"category":"default_component_of","full_product_name":{"name":"fontforge as component of SUSE Linux Enterprise Server 15 SP7","product_id":"SUSE Linux Enterprise Server 15 SP7:fontforge"},"product_reference":"fontforge","relates_to_product_reference":"SUSE Linux Enterprise Server 15 SP7"},{"category":"default_component_of","full_product_name":{"name":"fontforge as component of SUSE Linux Enterprise Desktop 15 SP7","product_id":"SUSE Linux Enterprise Desktop 15 SP7:fontforge"},"product_reference":"fontforge","relates_to_product_reference":"SUSE Linux Enterprise Desktop 15 SP7"},{"category":"default_component_of","full_product_name":{"name":"fontforge as component of SUSE Linux Enterprise Server for SAP Applications 15 SP7","product_id":"SUSE Linux Enterprise Server for SAP Applications 15 SP7:fontforge"},"product_reference":"fontforge","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP Applications 15 SP7"},{"category":"default_component_of","full_product_name":{"name":"fontforge as component of SUSE Linux Enterprise High Performance Computing 15 SP7","product_id":"SUSE Linux Enterprise High Performance Computing 15 SP7:fontforge"},"product_reference":"fontforge","relates_to_product_reference":"SUSE Linux Enterprise High Performance Computing 15 SP7"},{"category":"default_component_of","full_product_name":{"name":"fontforge as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP7","product_id":"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:fontforge"},"product_reference":"fontforge","relates_to_product_reference":"SUSE Linux Enterprise Module for Desktop Applications 15 SP7"},{"category":"default_component_of","full_product_name":{"name":"fontforge as component of SUSE Linux Enterprise Server 15 SP2-LTSS","product_id":"SUSE Linux Enterprise Server 15 SP2-LTSS:fontforge"},"product_reference":"fontforge","relates_to_product_reference":"SUSE Linux Enterprise Server 15 SP2-LTSS"},{"category":"default_component_of","full_product_name":{"name":"fontforge as component of SUSE Linux Enterprise Server 15 SP3-LTSS","product_id":"SUSE Linux Enterprise Server 15 SP3-LTSS:fontforge"},"product_reference":"fontforge","relates_to_product_reference":"SUSE Linux Enterprise Server 15 SP3-LTSS"},{"category":"default_component_of","full_product_name":{"name":"fontforge as component of SUSE Linux Enterprise Server 15 SP4-LTSS","product_id":"SUSE Linux Enterprise Server 15 SP4-LTSS:fontforge"},"product_reference":"fontforge","relates_to_product_reference":"SUSE Linux Enterprise Server 15 SP4-LTSS"},{"category":"default_component_of","full_product_name":{"name":"fontforge as component of SUSE Linux Enterprise Server 15 SP5-LTSS","product_id":"SUSE Linux Enterprise Server 15 SP5-LTSS:fontforge"},"product_reference":"fontforge","relates_to_product_reference":"SUSE Linux Enterprise Server 15 SP5-LTSS"},{"category":"default_component_of","full_product_name":{"name":"fontforge as component of SUSE Linux Enterprise Server 15 SP6-LTSS","product_id":"SUSE Linux Enterprise Server 15 SP6-LTSS:fontforge"},"product_reference":"fontforge","relates_to_product_reference":"SUSE Linux Enterprise Server 15 SP6-LTSS"},{"category":"default_component_of","full_product_name":{"name":"fontforge as component of SUSE Linux Enterprise Server Teradata 15 SP4","product_id":"SUSE Linux Enterprise Server Teradata 15 SP4:fontforge"},"product_reference":"fontforge","relates_to_product_reference":"SUSE Linux Enterprise Server Teradata 15 SP4"},{"category":"default_component_of","full_product_name":{"name":"fontforge as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4","product_id":"SUSE Linux Enterprise Server for SAP Applications 15 SP4:fontforge"},"product_reference":"fontforge","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP Applications 15 SP4"},{"category":"default_component_of","full_product_name":{"name":"fontforge as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5","product_id":"SUSE Linux Enterprise Server for SAP Applications 15 SP5:fontforge"},"product_reference":"fontforge","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP Applications 15 SP5"},{"category":"default_component_of","full_product_name":{"name":"fontforge as component of SUSE Linux Enterprise Server for SAP Applications 15 SP6","product_id":"SUSE Linux Enterprise Server for SAP Applications 15 SP6:fontforge"},"product_reference":"fontforge","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP Applications 15 SP6"},{"category":"default_component_of","full_product_name":{"name":"fontforge as component of openSUSE Leap 15.6","product_id":"openSUSE Leap 15.6:fontforge"},"product_reference":"fontforge","relates_to_product_reference":"openSUSE Leap 15.6"},{"category":"default_component_of","full_product_name":{"name":"fontforge-devel as component of openSUSE Leap 15.6","product_id":"openSUSE Leap 15.6:fontforge-devel"},"product_reference":"fontforge-devel","relates_to_product_reference":"openSUSE Leap 15.6"},{"category":"default_component_of","full_product_name":{"name":"fontforge-doc as component of openSUSE Leap 15.6","product_id":"openSUSE Leap 15.6:fontforge-doc"},"product_reference":"fontforge-doc","relates_to_product_reference":"openSUSE Leap 15.6"}]},"vulnerabilities":[{"cve":"CVE-2025-15275","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2025-15275"}],"notes":[{"category":"general","text":"FontForge SFD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of SFD files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-28543.","title":"CVE description"}],"product_status":{"first_fixed":["SUSE Linux Enterprise Server 16.0:fontforge-20251009-160000.1.1","SUSE Linux Enterprise Server 16.0:fontforge-devel-20251009-160000.1.1","SUSE Linux Enterprise Server 16.0:fontforge-doc-20251009-160000.1.1"],"known_affected":["SUSE Linux Enterprise Desktop 15 SP7:fontforge","SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:fontforge","SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:fontforge","SUSE Linux Enterprise High Performance Computing 15 SP7:fontforge","SUSE Linux Enterprise Module for Desktop Applications 15 SP7:fontforge","SUSE Linux Enterprise Server 15 SP2-LTSS:fontforge","SUSE Linux Enterprise Server 15 SP3-LTSS:fontforge","SUSE Linux Enterprise Server 15 SP4-LTSS:fontforge","SUSE Linux Enterprise Server 15 SP5-LTSS:fontforge","SUSE Linux Enterprise Server 15 SP6-LTSS:fontforge","SUSE Linux Enterprise Server 15 SP7:fontforge","SUSE Linux Enterprise Server Teradata 15 SP4:fontforge","SUSE Linux Enterprise Server for SAP Applications 15 SP4:fontforge","SUSE Linux Enterprise Server for SAP Applications 15 SP5:fontforge","SUSE Linux Enterprise Server for SAP Applications 15 SP6:fontforge","SUSE Linux Enterprise Server for SAP Applications 15 SP7:fontforge","openSUSE Leap 15.6:fontforge","openSUSE Leap 15.6:fontforge-devel","openSUSE Leap 15.6:fontforge-doc"],"recommended":["SUSE Liberty Linux 9:fontforge-20201107-7.el9_6","SUSE Linux Enterprise Server 16.0:fontforge-20251009-160000.1.1","SUSE Linux Enterprise Server 16.0:fontforge-devel-20251009-160000.1.1","SUSE Linux Enterprise Server 16.0:fontforge-doc-20251009-160000.1.1","SUSE Linux Enterprise Server for SAP applications 16.0:fontforge-20251009-160000.1.1","SUSE Linux Enterprise Server for SAP applications 16.0:fontforge-devel-20251009-160000.1.1","SUSE Linux Enterprise Server for SAP applications 16.0:fontforge-doc-20251009-160000.1.1","openSUSE Leap 16.0:fontforge-20251009-160000.1.1","openSUSE Leap 16.0:fontforge-devel-20251009-160000.1.1","openSUSE Leap 16.0:fontforge-doc-20251009-160000.1.1","openSUSE Tumbleweed:fontforge-20251009-4.1","openSUSE Tumbleweed:fontforge-devel-20251009-4.1","openSUSE Tumbleweed:fontforge-doc-20251009-4.1"]},"references":[{"category":"external","summary":"CVE-2025-15275","url":"https://www.suse.com/security/cve/CVE-2025-15275"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"external","summary":"SUSE Bug 1256025 for CVE-2025-15275","url":"https://bugzilla.suse.com/1256025"},{"category":"external","summary":"Advisory link for RHSA-2026:2213","url":"https://lists.suse.com/pipermail/suse-liberty-linux-updates/2026-February/002480.html"},{"category":"external","summary":"Advisory link for SUSE-SU-2026:20435-1","url":"https://lists.suse.com/pipermail/sle-security-updates/2026-February/024340.html"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Liberty Linux 9:fontforge-20201107-7.el9_6","SUSE Linux Enterprise Server 16.0:fontforge-20251009-160000.1.1","SUSE Linux Enterprise Server 16.0:fontforge-devel-20251009-160000.1.1","SUSE Linux Enterprise Server 16.0:fontforge-doc-20251009-160000.1.1","SUSE Linux Enterprise Server for SAP applications 16.0:fontforge-20251009-160000.1.1","SUSE Linux Enterprise Server for SAP applications 16.0:fontforge-devel-20251009-160000.1.1","SUSE Linux Enterprise Server for SAP applications 16.0:fontforge-doc-20251009-160000.1.1","openSUSE Leap 16.0:fontforge-20251009-160000.1.1","openSUSE Leap 16.0:fontforge-devel-20251009-160000.1.1","openSUSE Leap 16.0:fontforge-doc-20251009-160000.1.1","openSUSE Tumbleweed:fontforge-20251009-4.1","openSUSE Tumbleweed:fontforge-devel-20251009-4.1","openSUSE Tumbleweed:fontforge-doc-20251009-4.1"]}],"scores":[{"cvss_v3":{"baseScore":8.8,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","version":"3.1"},"products":["SUSE Liberty Linux 9:fontforge-20201107-7.el9_6","SUSE Linux Enterprise Server 16.0:fontforge-20251009-160000.1.1","SUSE Linux Enterprise Server 16.0:fontforge-devel-20251009-160000.1.1","SUSE Linux Enterprise Server 16.0:fontforge-doc-20251009-160000.1.1","SUSE Linux Enterprise Server for SAP applications 16.0:fontforge-20251009-160000.1.1","SUSE Linux Enterprise Server for SAP applications 16.0:fontforge-devel-20251009-160000.1.1","SUSE Linux Enterprise Server for SAP applications 16.0:fontforge-doc-20251009-160000.1.1","openSUSE Leap 16.0:fontforge-20251009-160000.1.1","openSUSE Leap 16.0:fontforge-devel-20251009-160000.1.1","openSUSE Leap 16.0:fontforge-doc-20251009-160000.1.1","openSUSE Tumbleweed:fontforge-20251009-4.1","openSUSE Tumbleweed:fontforge-devel-20251009-4.1","openSUSE Tumbleweed:fontforge-doc-20251009-4.1"]}],"threats":[{"category":"impact","date":"2025-12-30T23:00:29Z","details":"important"}],"title":"CVE-2025-15275"}]}