This bug was fixed in the package freetype - 2.10.1-2ubuntu0.4
---------------
freetype (2.10.1-2ubuntu0.4) focal-security; urgency=medium
* SECURITY UPDATE: OOB write via font subglyph structures parsing
- debian/patches/CVE-2025-27363.patch: make sure limit doesn't overflow
in src/truetype/ttgload.c.
- CVE-2025-27363
* SECURITY UPDATE: DoS in gvar table loading (LP: #2028863)
- debian/patches/lp2028863-dos.patch: add better checks for loading
gvar table in src/truetype/ttgxvar.c.
- No CVE number
-- Marc Deslauriers <[email protected]> Fri, 14 Mar 2025
13:03:51 -0400
** Changed in: freetype (Ubuntu Focal)
Status: Confirmed => Fix Released
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-27363
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2028863
Title:
Denial of service via gvar table loading
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/freetype/+bug/2028863/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
