Updated freetype2 packages fix security vulnerability
Publication date: 16 Mar 2025
Modification date: 16 Mar 2025
Type: security
Affected Mageia releases: 9
CVE: CVE-2025-27363
Description
An out-of-bounds write exists in FreeType versions 2.13.0 and below
when attempting to parse font subglyph structures related to TrueType
GX and variable font files, which may result in arbitrary code execution.
References
SRPMS
9/core
- freetype2-2.13.0-1.2.mga9
9/tainted
- freetype2-2.13.0-1.2.mga9.tainted