Alerts This Week
Warning Icon 1 1,308
Alerts This Week
Warning Icon 1 1,308

Slackware 15.0: 2025-074-01 critical: freetype out of bounds risk

slackware
Calendar Grey March 15, 2025
Dist Slackware Esm H88
A new Freetype patch for Slackware 15.0 fixes a significant buffer overflow vulnerability, mitigating potential unauthorized code execution threats.
New freetype packages are available for Slackware 15.0 to fix a security issue

Summary

Here are the details from the Slackware 15.0 ChangeLog: patches/packages/freetype-2.13.3-i586-1_slack15.0.txz: Upgraded. This update fixes bugs and a security issue: An out of bounds write exists in FreeType versions 2.13.0 and below (newer versions of FreeType are not vulnerable) when attempting to parse font subglyph structures related to TrueType GX and variable font files. The vulnerable code assigns a signed short value to an unsigned long and then adds a static value causing it to wrap around and allocate too small of a heap buffer. The code then writes up to 6 signed long integers out of bounds relative to this buffer. This may result in arbitrary code execution. This vulnerability may have been exploited in the wild. For more information, see: https://www.cve.org/CVERecord?id=CVE-2025-27363 (* Security fix *)

Topics%20covered

Topics Covered

security advisory package update arbitrary code execution slackware freetype out of bounds

Where Find New Packages

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://www.slackware.com/ for additional mirror sites near you.
Updated package for Slackware 15.0: ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/freetype-2.13.3-i586-1_slack15.0.txz
Updated package for Slackware x86_64 15.0: ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/freetype-2.13.3-x86_64-1_slack15.0.txz

MD5 Signatures

Slackware 15.0 package: e5e69552b4e2cf8b8f84e2592596adb7 freetype-2.13.3-i586-1_slack15.0.txz
Slackware x86_64 15.0 package: ce1672fa23e14303ba3840946410febf freetype-2.13.3-x86_64-1_slack15.0.txz

Severity
critical
Lowest
Low
Medium
High
Critical

Topics%20covered

Topics Covered

security advisory package update arbitrary code execution slackware freetype out of bounds

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Installation Instructions

Installation instructions: Upgrade the package as root: # upgradepkg freetype-2.13.3-i586-1_slack15.0.txz

Your message here