This bug was fixed in the package freetype - 2.10.1-2ubuntu0.4

---------------
freetype (2.10.1-2ubuntu0.4) focal-security; urgency=medium

  * SECURITY UPDATE: OOB write via font subglyph structures parsing
    - debian/patches/CVE-2025-27363.patch: make sure limit doesn't overflow in
      src/truetype/ttgload.c.
    - CVE-2025-27363
  * SECURITY UPDATE: DoS in gvar table loading (LP: #2028863)
    - debian/patches/lp2028863-dos.patch: add better checks for loading gvar
      table in src/truetype/ttgxvar.c.
    - No CVE number

 -- Marc Deslauriers <marc.deslauri...@ubuntu.com>  Fri, 14 Mar 2025 13:03:51 -0400

** Changed in: freetype (Ubuntu Focal)
       Status: Confirmed => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-27363

https://bugs.launchpad.net/bugs/2028863

Title:
  Denial of service via gvar table loading

Status in freetype package in Ubuntu:
  Fix Released
Status in freetype source package in Trusty:
  New
Status in freetype source package in Xenial:
  New
Status in freetype source package in Bionic:
  New
Status in freetype source package in Focal:
  Fix Released

Bug description:
  focal and earlier need this commit to prevent a DoS:
  https://gitlab.freedesktop.org/freetype/freetype/-/commit/216e077600a58346bb022d8409fd82e9d914a10a