Mageia 2025-0099: freetype2 Security Advisory Updates

mageia
March 16, 2025
MGASA-2025-0099 updates for freetype2 fix a critical security bug that allows arbitrary code execution on affected versions.

Summary

An out-of-bounds write exists in FreeType versions 2.13.0 and below when attempting to parse font subglyph structures related to TrueType GX and variable font files, which may result in arbitrary code execution.

References

- https://bugs.mageia.org/show_bug.cgi?id=34095

- https://www.openwall.com/lists/oss-security/2025/03/13/1

- https://gitlab.freedesktop.org/freetype/freetype/-/issues/1322

- https://www.cve.org/CVERecord?id=CVE-2025-27363

Resolution

SRPMS

- 9/core/freetype2-2.13.0-1.2.mga9

- 9/tainted/freetype2-2.13.0-1.2.mga9.tainted
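
To confirm a host carries the fixed build, the check below (an added example, not part of the Mageia advisory) flags installed packages built from the freetype2 source RPM that are older than the 2.13.0-1.2.mga9 release listed above. It assumes input lines produced by `rpm -qa --qf '%{NAME} %{VERSION} %{RELEASE} %{SOURCERPM}\n'`, no epoch on the package, and a simplified version comparison; the sample lines and the binary package name in them are constructed.

```python
import re

# Fixed build taken from the advisory's SRPMS list (freetype2-2.13.0-1.2.mga9).
FIXED_VERSION, FIXED_RELEASE = "2.13.0", "1.2.mga9"

def rpm_segments(s):
    """Split into digit runs and letter runs; separators are ignored."""
    return re.findall(r"[0-9]+|[A-Za-z]+", s)

def rpmvercmp(a, b):
    """Simplified rpmvercmp (assumption: no '~' or '^' handling): -1, 0 or 1."""
    sa, sb = rpm_segments(a), rpm_segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric segment beats alphabetic
        if x.isdigit():
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))  # more segments is newer

def unpatched(rpm_lines):
    """Return (name, version-release) for freetype2-built packages older than the fix."""
    hits = []
    for line in rpm_lines:
        name, version, release, srpm = line.split()
        # SOURCERPM looks like <name>-<version>-<release>.src.rpm
        if srpm.rsplit("-", 2)[0] != "freetype2":
            continue
        order = rpmvercmp(version, FIXED_VERSION) or rpmvercmp(release, FIXED_RELEASE)
        if order < 0:
            hits.append((name, f"{version}-{release}"))
    return hits

# Constructed sample output; package names and builds are illustrative only.
SAMPLE = [
    "lib64freetype6 2.13.0 1.1.mga9 freetype2-2.13.0-1.1.mga9.src.rpm",
    "lib64freetype6 2.13.0 1.2.mga9 freetype2-2.13.0-1.2.mga9.src.rpm",
    "lib64freetype6 2.13.0 1.2.mga9.tainted freetype2-2.13.0-1.2.mga9.tainted.src.rpm",
    "bash 5.2.15 3.mga9 bash-5.2.15-3.mga9.src.rpm",
]

if __name__ == "__main__":
    for name, evr in unpatched(SAMPLE):
        print(f"needs update: {name} {evr}")
```

Processes that loaded the old library keep it mapped until they are restarted, so restart long-running services after updating.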

Severity
critical

Publication date: 16 Mar 2025
URL: https://advisories.mageia.org/MGASA-2025-0099.html
Type: security
CVE: CVE-2025-27363
