An update for freetype is now available for openEuler-22.03-LTS-SP3,openEuler-22.03-LTS-SP4,openEuler-24.03-LTS,openEuler-24.03-LTS-SP1,openEuler-20.03-LTS-SP4 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2025-1300 Final 1.0 1.0 2025-03-21 Initial 2025-03-21 2025-03-21 openEuler SA Tool V1.0 2025-03-21 freetype security update An update for freetype is now available for openEuler-22.03-LTS-SP3,openEuler-22.03-LTS-SP4,openEuler-24.03-LTS,openEuler-24.03-LTS-SP1,openEuler-20.03-LTS-SP4 FreeType is written in C, designed to be small,efficient, highly customizable, and portable while capable of producing high-quality output (glyph images) of most vector and bitmap font formats Security Fix(es): An out of bounds write exists in FreeType versions 2.13.0 and below (newer versions of FreeType are not vulnerable) when attempting to parse font subglyph structures related to TrueType GX and variable font files. The vulnerable code assigns a signed short value to an unsigned long and then adds a static value causing it to wrap around and allocate too small of a heap buffer. The code then writes up to 6 signed long integers out of bounds relative to this buffer. This may result in arbitrary code execution. This vulnerability may have been exploited in the wild.(CVE-2025-27363) An update for freetype is now available for openEuler-22.03-LTS-SP3,openEuler-22.03-LTS-SP4,openEuler-24.03-LTS,openEuler-24.03-LTS-SP1,openEuler-20.03-LTS-SP4. openEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. High freetype https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1300 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-27363 https://nvd.nist.gov/vuln/detail/CVE-2025-27363 openEuler-22.03-LTS-SP3 openEuler-22.03-LTS-SP4 openEuler-24.03-LTS openEuler-24.03-LTS-SP1 openEuler-20.03-LTS-SP4 freetype-2.12.1-4.oe2203sp3.src.rpm freetype-2.12.1-4.oe2203sp4.src.rpm freetype-2.13.2-3.oe2403.src.rpm freetype-2.13.2-3.oe2403sp1.src.rpm freetype-2.10.2-6.oe2003sp4.src.rpm freetype-2.12.1-4.oe2203sp3.x86_64.rpm freetype-debuginfo-2.12.1-4.oe2203sp3.x86_64.rpm freetype-debugsource-2.12.1-4.oe2203sp3.x86_64.rpm freetype-demos-2.12.1-4.oe2203sp3.x86_64.rpm freetype-devel-2.12.1-4.oe2203sp3.x86_64.rpm freetype-2.12.1-4.oe2203sp4.x86_64.rpm freetype-debuginfo-2.12.1-4.oe2203sp4.x86_64.rpm freetype-debugsource-2.12.1-4.oe2203sp4.x86_64.rpm freetype-demos-2.12.1-4.oe2203sp4.x86_64.rpm freetype-devel-2.12.1-4.oe2203sp4.x86_64.rpm freetype-2.13.2-3.oe2403.x86_64.rpm freetype-debuginfo-2.13.2-3.oe2403.x86_64.rpm freetype-debugsource-2.13.2-3.oe2403.x86_64.rpm freetype-demos-2.13.2-3.oe2403.x86_64.rpm freetype-devel-2.13.2-3.oe2403.x86_64.rpm freetype-2.13.2-3.oe2403sp1.x86_64.rpm freetype-debuginfo-2.13.2-3.oe2403sp1.x86_64.rpm freetype-debugsource-2.13.2-3.oe2403sp1.x86_64.rpm freetype-demos-2.13.2-3.oe2403sp1.x86_64.rpm freetype-devel-2.13.2-3.oe2403sp1.x86_64.rpm freetype-2.10.2-6.oe2003sp4.x86_64.rpm freetype-debuginfo-2.10.2-6.oe2003sp4.x86_64.rpm freetype-debugsource-2.10.2-6.oe2003sp4.x86_64.rpm freetype-devel-2.10.2-6.oe2003sp4.x86_64.rpm freetype-help-2.12.1-4.oe2203sp3.noarch.rpm freetype-help-2.12.1-4.oe2203sp4.noarch.rpm freetype-help-2.13.2-3.oe2403.noarch.rpm freetype-help-2.13.2-3.oe2403sp1.noarch.rpm freetype-help-2.10.2-6.oe2003sp4.noarch.rpm freetype-2.12.1-4.oe2203sp3.aarch64.rpm freetype-debuginfo-2.12.1-4.oe2203sp3.aarch64.rpm freetype-debugsource-2.12.1-4.oe2203sp3.aarch64.rpm freetype-demos-2.12.1-4.oe2203sp3.aarch64.rpm freetype-devel-2.12.1-4.oe2203sp3.aarch64.rpm freetype-2.12.1-4.oe2203sp4.aarch64.rpm freetype-debuginfo-2.12.1-4.oe2203sp4.aarch64.rpm freetype-debugsource-2.12.1-4.oe2203sp4.aarch64.rpm freetype-demos-2.12.1-4.oe2203sp4.aarch64.rpm freetype-devel-2.12.1-4.oe2203sp4.aarch64.rpm freetype-2.13.2-3.oe2403.aarch64.rpm freetype-debuginfo-2.13.2-3.oe2403.aarch64.rpm freetype-debugsource-2.13.2-3.oe2403.aarch64.rpm freetype-demos-2.13.2-3.oe2403.aarch64.rpm freetype-devel-2.13.2-3.oe2403.aarch64.rpm freetype-2.13.2-3.oe2403sp1.aarch64.rpm freetype-debuginfo-2.13.2-3.oe2403sp1.aarch64.rpm freetype-debugsource-2.13.2-3.oe2403sp1.aarch64.rpm freetype-demos-2.13.2-3.oe2403sp1.aarch64.rpm freetype-devel-2.13.2-3.oe2403sp1.aarch64.rpm freetype-2.10.2-6.oe2003sp4.aarch64.rpm freetype-debuginfo-2.10.2-6.oe2003sp4.aarch64.rpm freetype-debugsource-2.10.2-6.oe2003sp4.aarch64.rpm freetype-devel-2.10.2-6.oe2003sp4.aarch64.rpm An out of bounds write exists in FreeType versions 2.13.0 and below (newer versions of FreeType are not vulnerable) when attempting to parse font subglyph structures related to TrueType GX and variable font files. The vulnerable code assigns a signed short value to an unsigned long and then adds a static value causing it to wrap around and allocate too small of a heap buffer. The code then writes up to 6 signed long integers out of bounds relative to this buffer. This may result in arbitrary code execution. This vulnerability may have been exploited in the wild. 2025-03-21 CVE-2025-27363 openEuler-22.03-LTS-SP3 openEuler-22.03-LTS-SP4 openEuler-24.03-LTS openEuler-24.03-LTS-SP1 openEuler-20.03-LTS-SP4 High 8.1 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H freetype security update 2025-03-21 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1300