vulnerability
Amazon Linux 2023: CVE-2025-27363: Important priority package update for freetype
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:H/Au:N/C:C/I:C/A:C) | Mar 11, 2025 | Apr 15, 2025 | May 7, 2025 |
Severity
8
CVSS
(AV:N/AC:H/Au:N/C:C/I:C/A:C)
Published
Mar 11, 2025
Added
Apr 15, 2025
Modified
May 7, 2025
Description
A flaw was found in FreeType. In affected versions, an out-of-bounds write condition may be triggered when attempting to parse font subglyph structures related to TrueType GX and variable font files. The vulnerable code assigns a signed short value to an unsigned long and then adds a static value, causing it to wrap around and allocate a heap buffer that is too small. The code then writes up to 6 signed long integers out of bounds relative to this buffer. This issue could result in arbitrary code execution or other undefined behavior.
Solution(s)
amazon-linux-2023-upgrade-freetypeamazon-linux-2023-upgrade-freetype-debuginfoamazon-linux-2023-upgrade-freetype-debugsourceamazon-linux-2023-upgrade-freetype-demosamazon-linux-2023-upgrade-freetype-demos-debuginfoamazon-linux-2023-upgrade-freetype-devel
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.