Monday, March 17, 2025

[USN-7352-1] FreeType vulnerability

-----BEGIN PGP SIGNATURE-----

wsF5BAABCAAjFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAmfYGnAFAwAAAAAACgkQZWnYVadEvpPZ
NA//WUILk4SEbol1TkiCWSOj7MIT4Cecf/1L68VTzzHh8Q4SpoJLe76MjLOZfS4NhH+qa8wqqN9H
yBKMcZh9JR9t2969Kcbr26quvpIGUDHfEMt7VbErqWLDr4ieDcWFaGzkiH9SLPPijuxQAhGBrmm6
FWqz1+aJVerVrjfhlCAIUWgXQrHqvPp1TjzvA/g0wV41azdidt8SeFJuKUJ43egvV4d2lkAq6/g7
emPmBdmfM8r/jRv1kV4Fnsd1q2D8T2j+S/nQbFrjHKSY7De6F+esZ3NuPANJhYrUT2/Dbh1WkVk6
stkbPA9VDkcCRt/rMxYqIFgexUeQYWkdxLnnVelsGyfjWc4K+gabkciPTIfJfAboUtOiHDJmL/au
1x+d5JwnebC5mKFX5BxUcmRUuxUt8l1H2zhYZs1K8RYplmR2QMTWsZ6z67A9rsg9CMpQPtLFulg2
RmJ+PKFTqQheBrNVRVZjAm30sXoYXU6HzH2xoXYsGi6F2JLbnV7l0yH0PIC4tQf6m1tUnvVvDOif
5GAEAiYtfXy+skgSj+GAsrh12AbHz395htHYsPKk7Tu4SO6WyVL8E2kDCvgvdOjKJQD9ja8iuTV9
tJg87qeNlOY5pI735Jqo62CnfbmOcXjgfn60ty0IdKOuN5wdG3vC56iFMfzXPBCqjuMXpxBWwLRi
aPs=
=lVCR
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-7352-1
March 17, 2025

freetype vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

FreeType could be made to crash or run programs if it opened a specially
crafted font file.

Software Description:
- freetype: FreeType 2 is a font engine library

Details:

It was discovered that FreeType incorrectly handled certain memory
operations when parsing font subglyph structures. A remote attacker could
use this issue to cause FreeType to crash, resulting in a denial of
service, or possibly execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS
libfreetype6 2.11.1+dfsg-1ubuntu0.3

Ubuntu 20.04 LTS
libfreetype6 2.10.1-2ubuntu0.4

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7352-1
CVE-2025-27363

Package Information:
https://launchpad.net/ubuntu/+source/freetype/2.11.1+dfsg-1ubuntu0.3
https://launchpad.net/ubuntu/+source/freetype/2.10.1-2ubuntu0.4

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)