[meta-oe,whinlatter,04/15] fontforge: patch CVE-2025-15270

Message ID	20260202211401.1287664-4-skandigraun@gmail.com
State	Under Review
Delegated to:	Anuj Mittal
Headers	show Return-Path: <skandigraun@gmail.com> ip: 209.85.221.54, mailfrom: skandigraun@gmail.com) From: Gyorgy Sarvari <skandigraun@gmail.com> To: openembedded-devel@lists.openembedded.org Subject: [meta-oe][whinlatter][PATCH 04/15] fontforge: patch CVE-2025-15270 Date: Mon, 2 Feb 2026 22:13:50 +0100 Message-ID: <20260202211401.1287664-4-skandigraun@gmail.com> In-Reply-To: <20260202211401.1287664-1-skandigraun@gmail.com> References: <20260202211401.1287664-1-skandigraun@gmail.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	[meta-oe,whinlatter,01/15] fontforge: patch CVE-2025-15279 \| expand [meta-oe,whinlatter,01/15] fontforge: patch CVE-2025-15279 [meta-oe,whinlatter,02/15] fontforge: patch CVE-2025-15275 [meta-oe,whinlatter,03/15] fontforge: patch CVE-2025-15269 [meta-oe,whinlatter,04/15] fontforge: patch CVE-2025-15270 [meta-gnome,whinlatter,05/15] gimp: update 3.0.6 -> 3.0.8 [meta-gnome,whinlatter,06/15] gimp: mark CVE-2025-15059 patched [meta-oe,whinlatter,07/15] gpsd: patch CVE-2025-67268 [meta-oe,whinlatter,08/15] gpsd: patch CVE-2025-67269 [meta-oe,whinlatter,09/15] imagemagick: upgrade 7.1.2-12 -> 7.1.2-13 [meta-oe,whinlatter,10/15] libcdio: patch CVE-2024-36600 [meta-oe,whinlatter,11/15] libcupsfilters: patch CVE-2025-64503 [meta-oe,whinlatter,12/15] ndpi: ignore CVE-2025-25066 [meta-oe,whinlatter,13/15] nodejs: upgrade 22.21.1 -> 22.22.0 [meta-networking,whinlatter,14/15] ez-ipupdate: patch CVE-2003-0887 [meta-networking,whinlatter,15/15] proftpd: ignore CVE-2021-47865

Message ID

20260202211401.1287664-4-skandigraun@gmail.com

State

Under Review

Delegated to:

Anuj Mittal

Headers

From: Gyorgy Sarvari <skandigraun@gmail.com>
To: openembedded-devel@lists.openembedded.org
Subject: [meta-oe][whinlatter][PATCH 04/15] fontforge: patch CVE-2025-15270
Date: Mon,  2 Feb 2026 22:13:50 +0100
Message-ID: <20260202211401.1287664-4-skandigraun@gmail.com>
In-Reply-To: <20260202211401.1287664-1-skandigraun@gmail.com>
References: <20260202211401.1287664-1-skandigraun@gmail.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

[meta-oe,whinlatter,01/15] fontforge: patch CVE-2025-15279 | expand

Commit Message

Gyorgy Sarvari Feb. 2, 2026, 9:13 p.m. UTC

Details: https://nvd.nist.gov/vuln/detail/CVE-2025-15270

Pick the patch that mentions this vulnerbaility explicitly
in its description.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
---
 .../fontforge/fontforge/CVE-2025-15270.patch  | 44 +++++++++++++++++++
 .../fontforge/fontforge_20230101.bb           |  1 +
 2 files changed, 45 insertions(+)
 create mode 100644 meta-oe/recipes-graphics/fontforge/fontforge/CVE-2025-15270.patch

diff --git a/meta-oe/recipes-graphics/fontforge/fontforge/CVE-2025-15270.patch b/meta-oe/recipes-graphics/fontforge/fontforge/CVE-2025-15270.patch
new file mode 100644
index 0000000000..335aa3f9a2
--- /dev/null
+++ b/meta-oe/recipes-graphics/fontforge/fontforge/CVE-2025-15270.patch
@@ -0,0 +1,44 @@ 
+From 647e17c1313b0be5159616e4345e6007e1f377a5 Mon Sep 17 00:00:00 2001
+From: Ahmet Furkan Kavraz
+ <55850855+ahmetfurkankavraz@users.noreply.github.com>
+Date: Sat, 31 Jan 2026 21:23:41 +0100
+Subject: [PATCH] Fix CVE-2025-15270: Heap buffer overflow in SFD kern class
+ parsing (#5743)
+
+Fixes: CVE-2025-15270 | ZDI-25-1194 | ZDI-CAN-28563
+
+Co-authored-by: Ahmet Furkan Kavraz <kavraz@amazon.com>
+
+CVE: CVE-2025-15270
+Upstream-Status: Backport [https://github.com/fontforge/fontforge/commit/d01333a5bfa2ac4ed698c24b323d02107deacad7]
+Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
+---
+ fontforge/sfd.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/fontforge/sfd.c b/fontforge/sfd.c
+index 894176254..3692973fe 100644
+--- a/fontforge/sfd.c
++++ b/fontforge/sfd.c
+@@ -8286,6 +8286,10 @@ bool SFD_GetFontMetaData( FILE *sfd,
+ 	for ( i=classstart; i<kc->first_cnt; ++i ) {
+ 	  if (kernclassversion < 3) {
+ 	    getint(sfd,&temp);
++	    if (temp < 0) {
++	      LogError(_("Corrupted SFD file: Invalid kern class name length %d. Aborting load."), temp);
++	      return false;
++	    }
+ 	    kc->firsts[i] = malloc(temp+1); kc->firsts[i][temp] = '\0';
+ 	    nlgetc(sfd);	/* skip space */
+ 	    fread(kc->firsts[i],1,temp,sfd);
+@@ -8303,6 +8307,10 @@ bool SFD_GetFontMetaData( FILE *sfd,
+ 	for ( i=1; i<kc->second_cnt; ++i ) {
+ 	  if (kernclassversion < 3) {
+ 	    getint(sfd,&temp);
++	    if (temp < 0) {
++	      LogError(_("Corrupted SFD file: Invalid kern class name length %d. Aborting load."), temp);
++	      return false;
++	    }
+ 	    kc->seconds[i] = malloc(temp+1); kc->seconds[i][temp] = '\0';
+ 	    nlgetc(sfd);	/* skip space */
+ 	    fread(kc->seconds[i],1,temp,sfd);
diff --git a/meta-oe/recipes-graphics/fontforge/fontforge_20230101.bb b/meta-oe/recipes-graphics/fontforge/fontforge_20230101.bb
index 7db8a66654..72d233fe0c 100644
--- a/meta-oe/recipes-graphics/fontforge/fontforge_20230101.bb
+++ b/meta-oe/recipes-graphics/fontforge/fontforge_20230101.bb
@@ -25,6 +25,7 @@  SRC_URI = "git://github.com/${BPN}/${BPN}.git;branch=master;protocol=https \
            file://CVE-2025-15279-2.patch \
            file://CVE-2025-15275.patch \
            file://CVE-2025-15269.patch \
+           file://CVE-2025-15270.patch \
            "
 
 EXTRA_OECMAKE = "-DENABLE_DOCS=OFF"

[meta-oe,whinlatter,04/15] fontforge: patch CVE-2025-15270

Commit Message

Patch