{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"important"},"category":"csaf_vex","csaf_version":"2.0","distribution":{"text":"Copyright 2024 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"SUSE CVE-2025-15273","title":"Title"},{"category":"description","text":"FontForge PFB File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of PFB files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-28546.","title":"Description of the CVE"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"external","summary":"CVE-2025-15273","url":"https://www.suse.com/security/cve/CVE-2025-15273"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"external","summary":"SUSE Bug 1256027 for CVE-2025-15273","url":"https://bugzilla.suse.com/1256027"}],"title":"SUSE CVE CVE-2025-15273","tracking":{"current_release_date":"2026-03-13T14:22:41Z","generator":{"date":"2026-01-07T00:25:52Z","engine":{"name":"cve-database.git:bin/generate-csaf-vex.pl","version":"1"}},"id":"CVE-2025-15273","initial_release_date":"2026-01-07T00:25:52Z","revision_history":[{"date":"2026-01-07T00:25:52Z","number":"2","summary":"vulnerabilities added,references added,severity changed from  to important"},{"date":"2026-01-13T00:53:22Z","number":"3","summary":"more updates marked as affected"},{"date":"2026-03-11T17:27:54Z","number":"4","summary":"unknown changes"},{"date":"2026-03-13T14:22:41Z","number":"5","summary":"more updates marked as affected"}],"status":"interim","version":"5"}},"product_tree":{"branches":[{"branches":[{"branches":[{"category":"product_name","name":"SUSE Linux Enterprise Desktop 15 SP7","product":{"name":"SUSE Linux Enterprise Desktop 15 SP7","product_id":"SUSE Linux Enterprise Desktop 15 SP7","product_identification_helper":{"cpe":"cpe:/o:suse:sled:15:sp7"}}},{"category":"product_name","name":"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS","product":{"name":"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS","product_id":"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS","product_identification_helper":{"cpe":"cpe:/o:suse:sle_hpc-ltss:15:sp4"}}},{"category":"product_name","name":"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS","product":{"name":"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS","product_id":"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS","product_identification_helper":{"cpe":"cpe:/o:suse:sle_hpc-ltss:15:sp5"}}},{"category":"product_name","name":"SUSE Linux Enterprise High Performance Computing 15 SP7","product":{"name":"SUSE Linux Enterprise High Performance Computing 15 SP7","product_id":"SUSE Linux Enterprise High Performance Computing 15 SP7","product_identification_helper":{"cpe":"cpe:/o:suse:sle_hpc:15:sp7"}}},{"category":"product_name","name":"SUSE Linux Enterprise Module for Desktop Applications 15 SP7","product":{"name":"SUSE Linux Enterprise Module for Desktop Applications 15 SP7","product_id":"SUSE Linux Enterprise Module for Desktop Applications 15 SP7","product_identification_helper":{"cpe":"cpe:/o:suse:sle-module-desktop-applications:15:sp7"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server 15 SP2-LTSS","product":{"name":"SUSE Linux Enterprise Server 15 SP2-LTSS","product_id":"SUSE Linux Enterprise Server 15 SP2-LTSS","product_identification_helper":{"cpe":"cpe:/o:suse:sles-ltss:15:sp2"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server 15 SP3-LTSS","product":{"name":"SUSE Linux Enterprise Server 15 SP3-LTSS","product_id":"SUSE Linux Enterprise Server 15 SP3-LTSS","product_identification_helper":{"cpe":"cpe:/o:suse:sles-ltss:15:sp3"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server 15 SP4-LTSS","product":{"name":"SUSE Linux Enterprise Server 15 SP4-LTSS","product_id":"SUSE Linux Enterprise Server 15 SP4-LTSS","product_identification_helper":{"cpe":"cpe:/o:suse:sles-ltss:15:sp4"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server 15 SP5-LTSS","product":{"name":"SUSE Linux Enterprise Server 15 SP5-LTSS","product_id":"SUSE Linux Enterprise Server 15 SP5-LTSS","product_identification_helper":{"cpe":"cpe:/o:suse:sles-ltss:15:sp5"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server 15 SP6-LTSS","product":{"name":"SUSE Linux Enterprise Server 15 SP6-LTSS","product_id":"SUSE Linux Enterprise Server 15 SP6-LTSS","product_identification_helper":{"cpe":"cpe:/o:suse:sles-ltss:15:sp6"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server 15 SP7","product":{"name":"SUSE Linux Enterprise Server 15 SP7","product_id":"SUSE Linux Enterprise Server 15 SP7","product_identification_helper":{"cpe":"cpe:/o:suse:sles:15:sp7"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server 16.0","product":{"name":"SUSE Linux Enterprise Server 16.0","product_id":"SUSE Linux Enterprise Server 16.0","product_identification_helper":{"cpe":"cpe:/o:suse:sles:16:16.0:server"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server Teradata 15 SP4","product":{"name":"SUSE Linux Enterprise Server Teradata 15 SP4","product_id":"SUSE Linux Enterprise Server Teradata 15 SP4","product_identification_helper":{"cpe":"cpe:/o:suse:sles_teradata:15:sp4"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server for SAP Applications 15 SP4","product":{"name":"SUSE Linux Enterprise Server for SAP Applications 15 SP4","product_id":"SUSE Linux Enterprise Server for SAP Applications 15 SP4","product_identification_helper":{"cpe":"cpe:/o:suse:sles_sap:15:sp4"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server for SAP Applications 15 SP5","product":{"name":"SUSE Linux Enterprise Server for SAP Applications 15 SP5","product_id":"SUSE Linux Enterprise Server for SAP Applications 15 SP5","product_identification_helper":{"cpe":"cpe:/o:suse:sles_sap:15:sp5"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server for SAP Applications 15 SP6","product":{"name":"SUSE Linux Enterprise Server for SAP Applications 15 SP6","product_id":"SUSE Linux Enterprise Server for SAP Applications 15 SP6","product_identification_helper":{"cpe":"cpe:/o:suse:sles_sap:15:sp6"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server for SAP Applications 15 SP7","product":{"name":"SUSE Linux Enterprise Server for SAP Applications 15 SP7","product_id":"SUSE Linux Enterprise Server for SAP Applications 15 SP7","product_identification_helper":{"cpe":"cpe:/o:suse:sles_sap:15:sp7"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server for SAP applications 16.0","product":{"name":"SUSE Linux Enterprise Server for SAP applications 16.0","product_id":"SUSE Linux Enterprise Server for SAP applications 16.0","product_identification_helper":{"cpe":"cpe:/o:suse:sles:16:16.0:server-sap"}}},{"category":"product_name","name":"openSUSE Leap 15.6","product":{"name":"openSUSE Leap 15.6","product_id":"openSUSE Leap 15.6","product_identification_helper":{"cpe":"cpe:/o:opensuse:leap:15.6"}}},{"category":"product_version","name":"fontforge","product":{"name":"fontforge","product_id":"fontforge","product_identification_helper":{"cpe":"cpe:2.3:a:fontforge:fontforge:*:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/fontforge@?upstream=fontforge.src.rpm"}}},{"category":"product_version","name":"fontforge-devel","product":{"name":"fontforge-devel","product_id":"fontforge-devel","product_identification_helper":{"cpe":"cpe:2.3:a:fontforge:fontforge:*:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/fontforge-devel@?upstream=fontforge.src.rpm"}}},{"category":"product_version","name":"fontforge-doc","product":{"name":"fontforge-doc","product_id":"fontforge-doc","product_identification_helper":{"cpe":"cpe:2.3:a:fontforge:fontforge:*:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/fontforge-doc@?upstream=fontforge.src.rpm"}}}],"category":"product_family","name":"SUSE Linux Enterprise"}],"category":"vendor","name":"SUSE"}],"relationships":[{"category":"default_component_of","full_product_name":{"name":"fontforge as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS","product_id":"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:fontforge"},"product_reference":"fontforge","relates_to_product_reference":"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"},{"category":"default_component_of","full_product_name":{"name":"fontforge as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS","product_id":"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:fontforge"},"product_reference":"fontforge","relates_to_product_reference":"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"},{"category":"default_component_of","full_product_name":{"name":"fontforge as component of SUSE Linux Enterprise Server 15 SP7","product_id":"SUSE Linux Enterprise Server 15 SP7:fontforge"},"product_reference":"fontforge","relates_to_product_reference":"SUSE Linux Enterprise Server 15 SP7"},{"category":"default_component_of","full_product_name":{"name":"fontforge as component of SUSE Linux Enterprise Desktop 15 SP7","product_id":"SUSE Linux Enterprise Desktop 15 SP7:fontforge"},"product_reference":"fontforge","relates_to_product_reference":"SUSE Linux Enterprise Desktop 15 SP7"},{"category":"default_component_of","full_product_name":{"name":"fontforge as component of SUSE Linux Enterprise Server for SAP Applications 15 SP7","product_id":"SUSE Linux Enterprise Server for SAP Applications 15 SP7:fontforge"},"product_reference":"fontforge","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP Applications 15 SP7"},{"category":"default_component_of","full_product_name":{"name":"fontforge as component of SUSE Linux Enterprise High Performance Computing 15 SP7","product_id":"SUSE Linux Enterprise High Performance Computing 15 SP7:fontforge"},"product_reference":"fontforge","relates_to_product_reference":"SUSE Linux Enterprise High Performance Computing 15 SP7"},{"category":"default_component_of","full_product_name":{"name":"fontforge as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP7","product_id":"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:fontforge"},"product_reference":"fontforge","relates_to_product_reference":"SUSE Linux Enterprise Module for Desktop Applications 15 SP7"},{"category":"default_component_of","full_product_name":{"name":"fontforge as component of SUSE Linux Enterprise Server 15 SP2-LTSS","product_id":"SUSE Linux Enterprise Server 15 SP2-LTSS:fontforge"},"product_reference":"fontforge","relates_to_product_reference":"SUSE Linux Enterprise Server 15 SP2-LTSS"},{"category":"default_component_of","full_product_name":{"name":"fontforge as component of SUSE Linux Enterprise Server 15 SP3-LTSS","product_id":"SUSE Linux Enterprise Server 15 SP3-LTSS:fontforge"},"product_reference":"fontforge","relates_to_product_reference":"SUSE Linux Enterprise Server 15 SP3-LTSS"},{"category":"default_component_of","full_product_name":{"name":"fontforge as component of SUSE Linux Enterprise Server 15 SP4-LTSS","product_id":"SUSE Linux Enterprise Server 15 SP4-LTSS:fontforge"},"product_reference":"fontforge","relates_to_product_reference":"SUSE Linux Enterprise Server 15 SP4-LTSS"},{"category":"default_component_of","full_product_name":{"name":"fontforge as component of SUSE Linux Enterprise Server 15 SP5-LTSS","product_id":"SUSE Linux Enterprise Server 15 SP5-LTSS:fontforge"},"product_reference":"fontforge","relates_to_product_reference":"SUSE Linux Enterprise Server 15 SP5-LTSS"},{"category":"default_component_of","full_product_name":{"name":"fontforge as component of SUSE Linux Enterprise Server 15 SP6-LTSS","product_id":"SUSE Linux Enterprise Server 15 SP6-LTSS:fontforge"},"product_reference":"fontforge","relates_to_product_reference":"SUSE Linux Enterprise Server 15 SP6-LTSS"},{"category":"default_component_of","full_product_name":{"name":"fontforge as component of SUSE Linux Enterprise Server 16.0","product_id":"SUSE Linux Enterprise Server 16.0:fontforge"},"product_reference":"fontforge","relates_to_product_reference":"SUSE Linux Enterprise Server 16.0"},{"category":"default_component_of","full_product_name":{"name":"fontforge-devel as component of SUSE Linux Enterprise Server 16.0","product_id":"SUSE Linux Enterprise Server 16.0:fontforge-devel"},"product_reference":"fontforge-devel","relates_to_product_reference":"SUSE Linux Enterprise Server 16.0"},{"category":"default_component_of","full_product_name":{"name":"fontforge-doc as component of SUSE Linux Enterprise Server 16.0","product_id":"SUSE Linux Enterprise Server 16.0:fontforge-doc"},"product_reference":"fontforge-doc","relates_to_product_reference":"SUSE Linux Enterprise Server 16.0"},{"category":"default_component_of","full_product_name":{"name":"fontforge as component of SUSE Linux Enterprise Server Teradata 15 SP4","product_id":"SUSE Linux Enterprise Server Teradata 15 SP4:fontforge"},"product_reference":"fontforge","relates_to_product_reference":"SUSE Linux Enterprise Server Teradata 15 SP4"},{"category":"default_component_of","full_product_name":{"name":"fontforge as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4","product_id":"SUSE Linux Enterprise Server for SAP Applications 15 SP4:fontforge"},"product_reference":"fontforge","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP Applications 15 SP4"},{"category":"default_component_of","full_product_name":{"name":"fontforge as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5","product_id":"SUSE Linux Enterprise Server for SAP Applications 15 SP5:fontforge"},"product_reference":"fontforge","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP Applications 15 SP5"},{"category":"default_component_of","full_product_name":{"name":"fontforge as component of SUSE Linux Enterprise Server for SAP Applications 15 SP6","product_id":"SUSE Linux Enterprise Server for SAP Applications 15 SP6:fontforge"},"product_reference":"fontforge","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP Applications 15 SP6"},{"category":"default_component_of","full_product_name":{"name":"fontforge as component of SUSE Linux Enterprise Server for SAP applications 16.0","product_id":"SUSE Linux Enterprise Server for SAP applications 16.0:fontforge"},"product_reference":"fontforge","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP applications 16.0"},{"category":"default_component_of","full_product_name":{"name":"fontforge-devel as component of SUSE Linux Enterprise Server for SAP applications 16.0","product_id":"SUSE Linux Enterprise Server for SAP applications 16.0:fontforge-devel"},"product_reference":"fontforge-devel","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP applications 16.0"},{"category":"default_component_of","full_product_name":{"name":"fontforge-doc as component of SUSE Linux Enterprise Server for SAP applications 16.0","product_id":"SUSE Linux Enterprise Server for SAP applications 16.0:fontforge-doc"},"product_reference":"fontforge-doc","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP applications 16.0"},{"category":"default_component_of","full_product_name":{"name":"fontforge as component of openSUSE Leap 15.6","product_id":"openSUSE Leap 15.6:fontforge"},"product_reference":"fontforge","relates_to_product_reference":"openSUSE Leap 15.6"},{"category":"default_component_of","full_product_name":{"name":"fontforge-devel as component of openSUSE Leap 15.6","product_id":"openSUSE Leap 15.6:fontforge-devel"},"product_reference":"fontforge-devel","relates_to_product_reference":"openSUSE Leap 15.6"},{"category":"default_component_of","full_product_name":{"name":"fontforge-doc as component of openSUSE Leap 15.6","product_id":"openSUSE Leap 15.6:fontforge-doc"},"product_reference":"fontforge-doc","relates_to_product_reference":"openSUSE Leap 15.6"}]},"vulnerabilities":[{"cve":"CVE-2025-15273","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2025-15273"}],"notes":[{"category":"general","text":"FontForge PFB File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of PFB files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-28546.","title":"CVE description"}],"product_status":{"known_affected":["SUSE Linux Enterprise Desktop 15 SP7:fontforge","SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:fontforge","SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:fontforge","SUSE Linux Enterprise High Performance Computing 15 SP7:fontforge","SUSE Linux Enterprise Module for Desktop Applications 15 SP7:fontforge","SUSE Linux Enterprise Server 15 SP2-LTSS:fontforge","SUSE Linux Enterprise Server 15 SP3-LTSS:fontforge","SUSE Linux Enterprise Server 15 SP4-LTSS:fontforge","SUSE Linux Enterprise Server 15 SP5-LTSS:fontforge","SUSE Linux Enterprise Server 15 SP6-LTSS:fontforge","SUSE Linux Enterprise Server 15 SP7:fontforge","SUSE Linux Enterprise Server 16.0:fontforge","SUSE Linux Enterprise Server 16.0:fontforge-devel","SUSE Linux Enterprise Server 16.0:fontforge-doc","SUSE Linux Enterprise Server Teradata 15 SP4:fontforge","SUSE Linux Enterprise Server for SAP Applications 15 SP4:fontforge","SUSE Linux Enterprise Server for SAP Applications 15 SP5:fontforge","SUSE Linux Enterprise Server for SAP Applications 15 SP6:fontforge","SUSE Linux Enterprise Server for SAP Applications 15 SP7:fontforge","SUSE Linux Enterprise Server for SAP applications 16.0:fontforge","SUSE Linux Enterprise Server for SAP applications 16.0:fontforge-devel","SUSE Linux Enterprise Server for SAP applications 16.0:fontforge-doc","openSUSE Leap 15.6:fontforge","openSUSE Leap 15.6:fontforge-devel","openSUSE Leap 15.6:fontforge-doc"]},"references":[{"category":"external","summary":"CVE-2025-15273","url":"https://www.suse.com/security/cve/CVE-2025-15273"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"external","summary":"SUSE Bug 1256027 for CVE-2025-15273","url":"https://bugzilla.suse.com/1256027"}],"threats":[{"category":"impact","date":"2025-12-30T23:00:26Z","details":"important"}],"title":"CVE-2025-15273"}]}