summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorGyorgy Sarvari <skandigraun@gmail.com>2026-02-02 22:13:48 +0100
committerAnuj Mittal <anuj.mittal@oss.qualcomm.com>2026-02-03 08:07:22 +0530
commitedc3b69cefe42c80e0cf8c5b64acc03a15da5ef7 (patch)
tree579b3d6abe52b00eb1257e35c16c4b4483042ffa
parent21418bce907ee06695d29f8ad759f2d9dfeed5b9 (diff)
downloadmeta-openembedded-edc3b69cefe42c80e0cf8c5b64acc03a15da5ef7.tar.gz
fontforge: patch CVE-2025-15275
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-15275 Pick the patch that mentions this vulnerability ID explicitly. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
Diffstat
-rw-r--r--meta-oe/recipes-graphics/fontforge/fontforge/CVE-2025-15275.patch33
-rw-r--r--meta-oe/recipes-graphics/fontforge/fontforge_20230101.bb1
2 files changed, 34 insertions, 0 deletions
diff --git a/meta-oe/recipes-graphics/fontforge/fontforge/CVE-2025-15275.patch b/meta-oe/recipes-graphics/fontforge/fontforge/CVE-2025-15275.patch
new file mode 100644
index 0000000000..3574b8ee19
--- /dev/null
+++ b/meta-oe/recipes-graphics/fontforge/fontforge/CVE-2025-15275.patch
@@ -0,0 +1,33 @@
1From 4c0658f56faf6d64382721a230ee57038035110a Mon Sep 17 00:00:00 2001
2From: Ahmet Furkan Kavraz
3 <55850855+ahmetfurkankavraz@users.noreply.github.com>
4Date: Fri, 9 Jan 2026 16:58:23 +0100
5Subject: [PATCH] Fix CVE-2025-15275: Heap buffer overflow in SFD image parsing
6 (#5721)
7
8Fixes: CVE-2025-15275 | ZDI-25-1189 | ZDI-CAN-28543
9
10Co-authored-by: Ahmet Furkan Kavraz <kavraz@amazon.com>
11
12CVE: CVE-2025-15275
13Upstream-Status: Backport [https://github.com/fontforge/fontforge/commit/7195402701ace7783753ef9424153eff48c9af44]
14Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
15---
16 fontforge/sfd.c | 4 ++++
17 1 file changed, 4 insertions(+)
18
19diff --git a/fontforge/sfd.c b/fontforge/sfd.c
20index cd661584b..4db9feebb 100644
21--- a/fontforge/sfd.c
22+++ b/fontforge/sfd.c
23@@ -3724,6 +3724,10 @@ static ImageList *SFDGetImage(FILE *sfd) {
24 getint(sfd,&image_type);
25 getint(sfd,&bpl);
26 getint(sfd,&clutlen);
27+ if ( clutlen < 0 || clutlen > 256 ) {
28+ LogError(_("Invalid clut length %d in sfd file, must be between 0 and 256"), clutlen);
29+ return NULL;
30+ }
31 gethex(sfd,&trans);
32 image = GImageCreate(image_type,width,height);
33 base = image->list_len==0?image->u.image:image->u.images[0];
diff --git a/meta-oe/recipes-graphics/fontforge/fontforge_20230101.bb b/meta-oe/recipes-graphics/fontforge/fontforge_20230101.bb
index 901b289f11..1680c7b2e0 100644
--- a/meta-oe/recipes-graphics/fontforge/fontforge_20230101.bb
+++ b/meta-oe/recipes-graphics/fontforge/fontforge_20230101.bb
@@ -23,6 +23,7 @@ SRC_URI = "git://github.com/${BPN}/${BPN}.git;branch=master;protocol=https \
23 file://CVE-2024-25081_CVE-2024-25082.patch \ 23 file://CVE-2024-25081_CVE-2024-25082.patch \
24 file://CVE-2025-15279-1.patch \ 24 file://CVE-2025-15279-1.patch \
25 file://CVE-2025-15279-2.patch \ 25 file://CVE-2025-15279-2.patch \
26 file://CVE-2025-15275.patch \
26 " 27 "
27 28
28EXTRA_OECMAKE = "-DENABLE_DOCS=OFF" 29EXTRA_OECMAKE = "-DENABLE_DOCS=OFF"
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2026-03-26 16:24:27 +0000