{"id":"ALSA-2025:3421","summary":"Important: freetype security update","details":"FreeType is a free, high-quality, portable font engine that can open and manage font files. FreeType loads, hints, and renders individual glyphs efficiently.  \n\nSecurity Fix(es):  \n\n  * freetype: OOB write when attempting to parse font subglyph structures related to TrueType GX and variable font files (CVE-2025-27363)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n","modified":"2026-01-30T02:35:32.418341Z","published":"2025-03-31T00:00:00Z","related":["CVE-2025-27363"],"references":[{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:3421"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2025-27363"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2351357"},{"type":"ADVISORY","url":"https://errata.almalinux.org/8/ALSA-2025-3421.html"}],"affected":[{"package":{"name":"freetype","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/freetype"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.9.1-10.el8_10"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2025:3421.json"}},{"package":{"name":"freetype-devel","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/freetype-devel"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.9.1-10.el8_10"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2025:3421.json"}}],"schema_version":"1.7.3"}