Alerts This Week
Warning Icon 1 1,149
Alerts This Week
Warning Icon 1 1,149

Ubuntu 7352-2: FreeType Security Advisory Updates

ubuntu
Calendar Grey March 18, 2025
Dist Ubuntu Esm H88
Several important security issues fixed in FreeType versions for Ubuntu 14.04, 16.04, and 18.04 LTS. Immediate action is advised.
Several security issues were fixed in FreeType.

Summary

Several security issues were fixed in FreeType.

Software Description:

- freetype: FreeType 2 is a font engine library

Details:

USN-7352-1 fixed a vulnerability in FreeType. This update provides the

corresponding updates for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. This

update also fixes an additional vulnerability in Ubuntu 14.04 LTS.

Original advisory details:

 It was discovered that FreeType incorrectly handled certain memory

 operations when parsing font subglyph structures. A remote attacker could

 use this issue to cause FreeType to crash, resulting in a denial of

 service, or possibly execute arbitrary code. This issue only affected

 Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2025-27363)

Additional advisory details:

 It was discovered that FreeType incorrectly handled certain memory

 operations during typical execution. An attacker could possibly use

 this issue to cause FreeType to crash, resulting in a denial of

 service. Thi...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS
   libfreetype6                    2.8.1-2ubuntu2.2+esm1
                                   Available with Ubuntu Pro

Ubuntu 16.04 LTS
   libfreetype6                    2.6.1-0.1ubuntu2.5+esm2
                                   Available with Ubuntu Pro

Ubuntu 14.04 LTS
   libfreetype6                    2.5.2-1ubuntu2.8+esm3
                                   Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References

  https://ubuntu.com/security/notices/USN-7352-2

  https://ubuntu.com/security/notices/USN-7352-1

  CVE-2022-27406, CVE-2025-27363

Severity
important
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-7352-2

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here