Details: https://nvd.nist.gov/vuln/detail/CVE-2025-15275
Pick the patch that mentions this vulnerability ID explicitly. Signed-off-by: Gyorgy Sarvari <[email protected]> --- .../fontforge/fontforge/CVE-2025-15275.patch | 34 +++++++++++++++++++ .../fontforge/fontforge_20251009.bb | 1 + 2 files changed, 35 insertions(+) create mode 100644 meta-oe/recipes-graphics/fontforge/fontforge/CVE-2025-15275.patch diff --git a/meta-oe/recipes-graphics/fontforge/fontforge/CVE-2025-15275.patch b/meta-oe/recipes-graphics/fontforge/fontforge/CVE-2025-15275.patch new file mode 100644 index 0000000000..d3d00fd9ac --- /dev/null +++ b/meta-oe/recipes-graphics/fontforge/fontforge/CVE-2025-15275.patch @@ -0,0 +1,34 @@ +From 8aed4d992db246a537d07862f31dd04698c3f7e2 Mon Sep 17 00:00:00 2001 +From: Gyorgy Sarvari <[email protected]> +Date: Fri, 9 Jan 2026 16:58:23 +0100 +Subject: [PATCH] Fix CVE-2025-15275: Heap buffer overflow in SFD image parsing + (#5721) + +From: Ahmet Furkan Kavraz <[email protected]> + +Fixes: CVE-2025-15275 | ZDI-25-1189 | ZDI-CAN-28543 + +Co-authored-by: Ahmet Furkan Kavraz <[email protected]> + +CVE: CVE-2025-15275 +Upstream-Status: Backport [https://github.com/fontforge/fontforge/commit/7195402701ace7783753ef9424153eff48c9af44] +Signed-off-by: Gyorgy Sarvari <[email protected]> +--- + fontforge/sfd.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/fontforge/sfd.c b/fontforge/sfd.c +index 149941148..e19d3a30f 100644 +--- a/fontforge/sfd.c ++++ b/fontforge/sfd.c +@@ -3585,6 +3585,10 @@ static ImageList *SFDGetImage(FILE *sfd) { + getint(sfd,&image_type); + getint(sfd,&bpl); + getint(sfd,&clutlen); ++ if ( clutlen < 0 || clutlen > 256 ) { ++ LogError(_("Invalid clut length %d in sfd file, must be between 0 and 256"), clutlen); ++ return NULL; ++ } + gethex(sfd,&trans); + image = GImageCreate(image_type,width,height); + base = image->list_len==0?image->u.image:image->u.images[0]; diff --git a/meta-oe/recipes-graphics/fontforge/fontforge_20251009.bb b/meta-oe/recipes-graphics/fontforge/fontforge_20251009.bb index 58f15ab396..fc3d001dbf 100644 --- a/meta-oe/recipes-graphics/fontforge/fontforge_20251009.bb +++ b/meta-oe/recipes-graphics/fontforge/fontforge_20251009.bb @@ -19,6 +19,7 @@ SRC_URI = "git://github.com/${BPN}/${BPN}.git;branch=master;protocol=https;tag=$ file://0001-cmake-Use-alternate-way-to-detect-libm.patch \ file://CVE-2025-15279-1.patch \ file://CVE-2025-15279-2.patch \ + file://CVE-2025-15275.patch \ " EXTRA_OECMAKE = "-DENABLE_DOCS=OFF"
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#123873): https://lists.openembedded.org/g/openembedded-devel/message/123873 Mute This Topic: https://lists.openembedded.org/mt/117466638/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
