Home / mailings [SECURITY] [DSA 5880-1] freetype security update
Posted on 17 March 2025
Debian Security Advisory- -------------------------------------------------------------------------
Debian Security Advisory DSA-5880-1 security@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
March 17, 2025 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : freetype
CVE ID : CVE-2025-27363
An out-of-bounds write vulnerability when attempting to parse font
subglyph structures related to TrueType GX and variable font files was
discovered in FreeType, which may result in the execution of arbitrary
code when processing specially crafted fonts.
For the stable distribution (bookworm), this problem has been fixed in
version 2.12.1+dfsg-5+deb12u4.
We recommend that you upgrade your freetype packages.
For the detailed security status of freetype please refer to its
security tracker page at:
https://security-tracker.debian.org/tracker/freetype
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
