An out-of-bounds write exists in FreeType versions 2.13.0 and below
when attempting to parse font subglyph structures related to TrueType
GX and variable font files, which may result in arbitrary code execution.
- https://bugs.mageia.org/show_bug.cgi?id=34095
- https://www.openwall.com/lists/oss-security/2025/03/13/1
- https://gitlab.freedesktop.org/freetype/freetype/-/issues/1322
- https://www.cve.org/CVERecord?id=CVE-2025-27363
- 9/core/freetype2-2.13.0-1.2.mga9
- 9/tainted/freetype2-2.13.0-1.2.mga9.tainted