https://bugzilla.redhat.com/show_bug.cgi?id=2426599
Bug ID: 2426599
Summary: CVE-2025-15280 fontforge: FontForge SFD File Parsing Use-After-Free Remote Code Execution Vulnerability [fedora-42]
Product: Fedora
Version: 42
Status: NEW
Whiteboard: {"flaws": ["c0cde29b-bf92-4976-8812-3fb3bd0613c5"]}
Component: fontforge
Keywords: Security, SecurityTracking
Severity: high
Priority: high
Assignee: pnemade(a)redhat.com
Reporter: saroy(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: fonts-bugs(a)lists.fedoraproject.org, kevin(a)scrye.com, pnemade(a)redhat.com
Blocks: 2426430
Target Milestone: ---
Classification: Fedora
Disclaimer: Community trackers are created by Red Hat Product Security team on
a best effort basis. Package maintainers are required to ascertain if the flaw
indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability
management information. If something is wrong or missing, please contact a
member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essent…
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2426599
Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-sp…
https://bugzilla.redhat.com/show_bug.cgi?id=2426595
Bug ID: 2426595
Summary: CVE-2025-15276 fontforge: FontForge SFD File Parsing Deserialization of Untrusted Data Remote Code Execution Vulnerability [fedora-42]
Product: Fedora
Version: 42
Status: NEW
Whiteboard: {"flaws": ["1d848b82-6cec-4ac8-a4e4-280ad45c7ad7"]}
Component: fontforge
Keywords: Security, SecurityTracking
Severity: high
Priority: high
Assignee: pnemade(a)redhat.com
Reporter: saroy(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: fonts-bugs(a)lists.fedoraproject.org, kevin(a)scrye.com, pnemade(a)redhat.com
Blocks: 2426424
Target Milestone: ---
Classification: Fedora
https://bugzilla.redhat.com/show_bug.cgi?id=2426592
Bug ID: 2426592
Summary: CVE-2025-15278 fontforge: FontForge GUtils XBM File Parsing Integer Overflow Remote Code Execution Vulnerability [fedora-42]
Product: Fedora
Version: 42
Status: NEW
Whiteboard: {"flaws": ["4b0e37b3-aee4-492b-a36a-853ead6f8450"]}
Component: fontforge
Keywords: Security, SecurityTracking
Severity: high
Priority: high
Assignee: pnemade(a)redhat.com
Reporter: saroy(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: fonts-bugs(a)lists.fedoraproject.org, kevin(a)scrye.com, pnemade(a)redhat.com
Blocks: 2426433
Target Milestone: ---
Classification: Fedora
https://bugzilla.redhat.com/show_bug.cgi?id=2426590
Bug ID: 2426590
Summary: CVE-2025-15277 fontforge: FontForge GUtils SGI File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability [fedora-42]
Product: Fedora
Version: 42
Status: NEW
Whiteboard: {"flaws": ["735578d0-49ef-47a9-81a8-722f6674848e"]}
Component: fontforge
Keywords: Security, SecurityTracking
Severity: high
Priority: high
Assignee: pnemade(a)redhat.com
Reporter: saroy(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: fonts-bugs(a)lists.fedoraproject.org, kevin(a)scrye.com, pnemade(a)redhat.com
Blocks: 2426425
Target Milestone: ---
Classification: Fedora
https://bugzilla.redhat.com/show_bug.cgi?id=2426586
Bug ID: 2426586
Summary: CVE-2025-15274 fontforge: FontForge SFD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability [fedora-42]
Product: Fedora
Version: 42
Status: NEW
Whiteboard: {"flaws": ["6374512d-39d2-44ca-960c-5fa0950ba189"]}
Component: fontforge
Keywords: Security, SecurityTracking
Severity: high
Priority: high
Assignee: pnemade(a)redhat.com
Reporter: saroy(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: fonts-bugs(a)lists.fedoraproject.org, kevin(a)scrye.com, pnemade(a)redhat.com
Blocks: 2426435
Target Milestone: ---
Classification: Fedora
https://bugzilla.redhat.com/show_bug.cgi?id=2426584
Bug ID: 2426584
Summary: CVE-2025-15273 fontforge: FontForge PFB File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability [fedora-42]
Product: Fedora
Version: 42
Status: NEW
Whiteboard: {"flaws": ["217f5fcc-cf4a-4f3e-b707-e9d285e674be"]}
Component: fontforge
Keywords: Security, SecurityTracking
Severity: high
Priority: high
Assignee: pnemade(a)redhat.com
Reporter: saroy(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: fonts-bugs(a)lists.fedoraproject.org, kevin(a)scrye.com, pnemade(a)redhat.com
Blocks: 2426428
Target Milestone: ---
Classification: Fedora
https://bugzilla.redhat.com/show_bug.cgi?id=2426582
Bug ID: 2426582
Summary: CVE-2025-15272 fontforge: FontForge SFD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability [fedora-42]
Product: Fedora
Version: 42
Status: NEW
Whiteboard: {"flaws": ["ad1ad48b-092f-4eaa-ac54-b88088da82fa"]}
Component: fontforge
Keywords: Security, SecurityTracking
Severity: high
Priority: high
Assignee: pnemade(a)redhat.com
Reporter: saroy(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: fonts-bugs(a)lists.fedoraproject.org, kevin(a)scrye.com, pnemade(a)redhat.com
Blocks: 2426427
Target Milestone: ---
Classification: Fedora
https://bugzilla.redhat.com/show_bug.cgi?id=2426581
Bug ID: 2426581
Summary: CVE-2025-15271 fontforge: FontForge SFD File Parsing Improper Validation of Array Index Remote Code Execution Vulnerability [fedora-42]
Product: Fedora
Version: 42
Status: NEW
Whiteboard: {"flaws": ["cae1f386-b0d8-46dc-b522-63f7de7200a5"]}
Component: fontforge
Keywords: Security, SecurityTracking
Severity: high
Priority: high
Assignee: pnemade(a)redhat.com
Reporter: saroy(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: fonts-bugs(a)lists.fedoraproject.org, kevin(a)scrye.com, pnemade(a)redhat.com
Blocks: 2426422
Target Milestone: ---
Classification: Fedora
https://bugzilla.redhat.com/show_bug.cgi?id=2386191
Bug ID: 2386191
Summary: Bold fonts in KDE Plasma are too bold
Product: Fedora
Version: 42
Hardware: x86_64
OS: Linux
Status: NEW
Component: Fonts
Keywords: Desktop
Severity: medium
Assignee: i18n-bugs(a)lists.fedoraproject.org
Reporter: joshas(a)gmail.com
QA Contact: fonts-bugs(a)lists.fedoraproject.org
Target Milestone: ---
Classification: Fedora
After a clean install of KDE Plasma Desktop, all bold fonts used in KDE
applications, like System Settings or Dolphin, are too bold.
Reproducible: Always
Steps to Reproduce:
1. Install Fedora KDE Plasma Desktop or run live session
2. Open System Settings
3. Notice bold font used in main section titles
Actual Results:
Font is too bold, making it hard to read.
Expected Results:
Standard bold font should be used.
Additional Information:
Disabling the "Noto Sans ()" font from Font Management fixes the issue. Note that
this font has no name in the list.
--
You are receiving this mail because:
You are the QA Contact for the bug.