Security update for freetype2 SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2025:0960-1 Final 1 1 2025-03-19T18:34:08Z current 2025-03-19T18:34:08Z 2025-03-19T18:34:08Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for freetype2 This update for freetype2 fixes the following issues: - CVE-2025-27363: Fixed out-of-bounds write when attempting to parse font subglyph structures related to TrueType GX and variable font files (bsc#1239465). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2025-960,SUSE-SLE-SERVER-12-SP5-LTSS-2025-960,SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2025-960 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2025/suse-su-20250960-1/ Link for SUSE-SU-2025:0960-1 https://lists.suse.com/pipermail/sle-security-updates/2025-March/020564.html E-Mail link for SUSE-SU-2025:0960-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1239465 SUSE Bug 1239465 https://www.suse.com/security/cve/CVE-2025-27363/ SUSE CVE CVE-2025-27363 page SUSE Linux Enterprise Server 12 SP5-LTSS SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 freetype2-devel-2.6.3-7.21.1 freetype2-devel-32bit-2.6.3-7.21.1 freetype2-devel-64bit-2.6.3-7.21.1 ft2demos-2.6.3-7.21.1 libfreetype6-2.6.3-7.21.1 libfreetype6-32bit-2.6.3-7.21.1 libfreetype6-64bit-2.6.3-7.21.1 freetype2-devel-2.6.3-7.21.1 as a component of SUSE Linux Enterprise Server 12 SP5-LTSS ft2demos-2.6.3-7.21.1 as a component of SUSE Linux Enterprise Server 12 SP5-LTSS libfreetype6-2.6.3-7.21.1 as a component of SUSE Linux Enterprise Server 12 SP5-LTSS libfreetype6-32bit-2.6.3-7.21.1 as a component of SUSE Linux Enterprise Server 12 SP5-LTSS freetype2-devel-2.6.3-7.21.1 as a component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 ft2demos-2.6.3-7.21.1 as a component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 libfreetype6-2.6.3-7.21.1 as a component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 libfreetype6-32bit-2.6.3-7.21.1 as a component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 An out of bounds write exists in FreeType versions 2.13.0 and below (newer versions of FreeType are not vulnerable) when attempting to parse font subglyph structures related to TrueType GX and variable font files. The vulnerable code assigns a signed short value to an unsigned long and then adds a static value causing it to wrap around and allocate too small of a heap buffer. The code then writes up to 6 signed long integers out of bounds relative to this buffer. This may result in arbitrary code execution. This vulnerability may have been exploited in the wild. CVE-2025-27363 SUSE Linux Enterprise Server 12 SP5-LTSS:freetype2-devel-2.6.3-7.21.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ft2demos-2.6.3-7.21.1 SUSE Linux Enterprise Server 12 SP5-LTSS:libfreetype6-2.6.3-7.21.1 SUSE Linux Enterprise Server 12 SP5-LTSS:libfreetype6-32bit-2.6.3-7.21.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:freetype2-devel-2.6.3-7.21.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ft2demos-2.6.3-7.21.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libfreetype6-2.6.3-7.21.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libfreetype6-32bit-2.6.3-7.21.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20250960-1/ https://www.suse.com/security/cve/CVE-2025-27363.html CVE-2025-27363 https://bugzilla.suse.com/1239465 SUSE Bug 1239465