{"id":"MGASA-2025-0099","summary":"Updated freetype2 packages fix security vulnerability","details":"An out of bounds write exists in FreeType versions 2.13.0 and below\nwhen attempting to parse font subglyph structures related to TrueType\nGX and variable font files which may result in arbitrary code execution.\n","modified":"2026-02-04T02:37:22.923332Z","published":"2025-03-16T05:09:13Z","related":["CVE-2025-27363"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2025-0099.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=34095"},{"type":"REPORT","url":"https://www.openwall.com/lists/oss-security/2025/03/13/1"},{"type":"REPORT","url":"https://gitlab.freedesktop.org/freetype/freetype/-/issues/1322"}],"affected":[{"package":{"name":"freetype2","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/freetype2?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.13.0-1.2.mga9"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2025-0099.json"}},{"package":{"name":"freetype2","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/freetype2?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.13.0-1.2.mga9.tainted"}]}],"ecosystem_specific":{"section":"tainted"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2025-0099.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}