freetype-2.8-14.1.0.1.el7.AXS7
Errata ID: AXSA:2025-9845:05
The FreeType engine is a free and portable font rendering
engine, developed to provide advanced font support for a variety of
platforms and environments. FreeType is a library which can open and
manage font files as well as efficiently load, hint and render
individual glyphs. FreeType is not a font server or a complete
text-rendering library.
Security Fix(es):
* CVE-2025-27363: fix OOB write when parsing font subglyph structures
CVE(s):
CVE-2025-27363
An out of bounds write exists in FreeType versions 2.13.0 and below (newer versions of FreeType are not vulnerable) when attempting to parse font subglyph structures related to TrueType GX and variable font files. The vulnerable code assigns a signed short value to an unsigned long and then adds a static value causing it to wrap around and allocate too small of a heap buffer. The code then writes up to 6 signed long integers out of bounds relative to this buffer. This may result in arbitrary code execution. This vulnerability may have been exploited in the wild.
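The size calculation described above, as an added illustration that is not FreeType's code: the flawed signed-to-unsigned conversion next to a checked version. The function names, the constant `EXTRA_SLOTS` and the sample field values are assumptions made for this example.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed for illustration: the "static value" added to the count. */
#define EXTRA_SLOTS 4UL

/* Flawed pattern from the CVE description: a signed 16-bit field is
   converted to unsigned long, then a constant is added with no range check. */
static unsigned long unchecked_slot_count(short raw_field)
{
    unsigned long count = (unsigned long)raw_field; /* -1 becomes ULONG_MAX */
    return count + EXTRA_SLOTS;                     /* wraps to a tiny value */
}

/* Hardened pattern: reject negative fields before any unsigned arithmetic,
   and confirm the byte size of the allocation cannot overflow either. */
static int checked_slot_count(short raw_field, size_t elem_size, size_t *out)
{
    if (raw_field < 0 || elem_size == 0)
        return -1;
    size_t count = (size_t)raw_field + EXTRA_SLOTS;
    if (count > SIZE_MAX / elem_size)
        return -1;
    *out = count;
    return 0;
}

int main(void)
{
    /* Constructed sample values for the 16-bit field. */
    const short samples[] = { 10, 0, -1, -2, -4 };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        size_t safe = 0;
        int rc = checked_slot_count(samples[i], sizeof(long), &safe);
        printf("field=%3d unchecked=%lu checked=%s\n", samples[i],
               unchecked_slot_count(samples[i]),
               rc == 0 ? "accepted" : "rejected");
    }
    return 0;
}
```

A buffer sized from the unchecked result for a negative field holds fewer slots than the later writes assume, which is the undersized heap allocation the advisory describes.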
Update packages.
Asianux Server 7 for x86_64
- freetype-2.8-14.1.0.1.el7.AXS7.i686.rpm
MD5: b4fd315493efeb3c2017c5e9bf3c6113
SHA-256: dccc856b333e529d682758ed1f6c111cfc6cf97f58e49c9bf2fa24d58e522dc8
Size: 377.12 kB
- freetype-2.8-14.1.0.1.el7.AXS7.x86_64.rpm
MD5: b80a1e8b59765c46c15cde629d47449f
SHA-256: 6d8ad43960b82a23c24f9e13ed7f09a72680396fe50c8808bd5a71e72b80380e
Size: 379.85 kB
- freetype-devel-2.8-14.1.0.1.el7.AXS7.i686.rpm
MD5: 321c393ff2fa8f244fed9d388fa20b27
SHA-256: c29a12ca904a0f49354c8a6aa5af71ff5b3ba7890ea134b8cd3a255248d98ce1
Size: 446.43 kB
- freetype-devel-2.8-14.1.0.1.el7.AXS7.x86_64.rpm
MD5: 6a2129e17b93b07196679ad33acdfc42
SHA-256: c2c92b8cd32d0a351bf714ad54d6580f40bdcb19aa1b5b858db56891ffd2c231
Size: 446.39 kB