Show plain JSON{"affected_release": [{"advisory": "RHSA-2025:3395", "cpe": "cpe:/o:redhat:rhel_els:7", "package": "freetype-0:2.8-15.el7_9.1", "product_name": "Red Hat Enterprise Linux 7 Extended Lifecycle Support", "release_date": "2025-03-31T00:00:00Z"}, {"advisory": "RHSA-2025:8292", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "mingw-freetype-0:2.8-3.el8_10.1", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2025-05-29T00:00:00Z"}, {"advisory": "RHSA-2025:8292", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "spice-client-win-0:8.10-1", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2025-05-29T00:00:00Z"}, {"advisory": "RHSA-2025:3421", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "freetype-0:2.9.1-10.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2025-03-31T00:00:00Z"}, {"advisory": "RHSA-2025:3393", "cpe": "cpe:/o:redhat:rhel_aus:8.2", "package": "freetype-0:2.9.1-5.el8_2.1", "product_name": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "release_date": "2025-03-31T00:00:00Z"}, {"advisory": "RHSA-2025:8253", "cpe": "cpe:/a:redhat:rhel_aus:8.4", "package": "spice-client-win-0:8.4-2", "product_name": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "release_date": "2025-05-28T00:00:00Z"}, {"advisory": "RHSA-2025:3382", "cpe": "cpe:/o:redhat:rhel_aus:8.4", "package": "freetype-0:2.9.1-7.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "release_date": "2025-03-31T00:00:00Z"}, {"advisory": "RHSA-2025:8253", "cpe": "cpe:/a:redhat:rhel_tus:8.4", "package": "spice-client-win-0:8.4-2", "product_name": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "release_date": "2025-05-28T00:00:00Z"}, {"advisory": "RHSA-2025:3382", "cpe": "cpe:/o:redhat:rhel_tus:8.4", "package": "freetype-0:2.9.1-7.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "release_date": "2025-03-31T00:00:00Z"}, {"advisory": "RHSA-2025:8253", "cpe": "cpe:/a:redhat:rhel_e4s:8.4", "package": "spice-client-win-0:8.4-2", "product_name": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "release_date": "2025-05-28T00:00:00Z"}, {"advisory": "RHSA-2025:3382", "cpe": "cpe:/o:redhat:rhel_e4s:8.4", "package": "freetype-0:2.9.1-7.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "release_date": "2025-03-31T00:00:00Z"}, {"advisory": "RHSA-2025:8219", "cpe": "cpe:/a:redhat:rhel_aus:8.6", "package": "spice-client-win-0:8.6-1", "product_name": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", "release_date": "2025-05-27T00:00:00Z"}, {"advisory": "RHSA-2025:3385", "cpe": "cpe:/o:redhat:rhel_aus:8.6", "package": "freetype-0:2.9.1-6.el8_6.3", "product_name": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", "release_date": "2025-03-31T00:00:00Z"}, {"advisory": "RHSA-2025:8219", "cpe": "cpe:/a:redhat:rhel_tus:8.6", "package": "spice-client-win-0:8.6-1", "product_name": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", "release_date": "2025-05-27T00:00:00Z"}, {"advisory": "RHSA-2025:3385", "cpe": "cpe:/o:redhat:rhel_tus:8.6", "package": "freetype-0:2.9.1-6.el8_6.3", "product_name": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", "release_date": "2025-03-31T00:00:00Z"}, {"advisory": "RHSA-2025:8219", "cpe": "cpe:/a:redhat:rhel_e4s:8.6", "package": "spice-client-win-0:8.6-1", "product_name": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", "release_date": "2025-05-27T00:00:00Z"}, {"advisory": "RHSA-2025:3385", "cpe": "cpe:/o:redhat:rhel_e4s:8.6", "package": "freetype-0:2.9.1-6.el8_6.3", "product_name": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", "release_date": "2025-03-31T00:00:00Z"}, {"advisory": "RHSA-2025:8195", "cpe": "cpe:/a:redhat:rhel_eus:8.8", "package": "mingw-freetype-0:2.8-3.el8_8.1", "product_name": "Red Hat Enterprise Linux 8.8 Extended Update Support", "release_date": "2025-05-27T00:00:00Z"}, {"advisory": "RHSA-2025:8195", "cpe": "cpe:/a:redhat:rhel_eus:8.8", "package": "spice-client-win-0:8.8-5", "product_name": "Red Hat Enterprise Linux 8.8 Extended Update Support", "release_date": "2025-05-27T00:00:00Z"}, {"advisory": "RHSA-2025:3386", "cpe": "cpe:/o:redhat:rhel_eus:8.8", "package": "freetype-0:2.9.1-10.el8_8", "product_name": "Red Hat Enterprise Linux 8.8 Extended Update Support", "release_date": "2025-03-31T00:00:00Z"}, {"advisory": "RHSA-2025:3407", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "freetype-0:2.10.4-10.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2025-03-31T00:00:00Z"}, {"advisory": "RHSA-2025:3407", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "freetype-0:2.10.4-10.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2025-03-31T00:00:00Z"}, {"advisory": "RHSA-2025:3387", "cpe": "cpe:/a:redhat:rhel_e4s:9.0", "package": "freetype-0:2.10.4-7.el9_0", "product_name": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "release_date": "2025-03-31T00:00:00Z"}, {"advisory": "RHSA-2025:3384", "cpe": "cpe:/a:redhat:rhel_eus:9.2", "package": "freetype-0:2.10.4-10.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2025-03-31T00:00:00Z"}, {"advisory": "RHSA-2025:3383", "cpe": "cpe:/a:redhat:rhel_eus:9.4", "package": "freetype-0:2.10.4-10.el9_4", "product_name": "Red Hat Enterprise Linux 9.4 Extended Update Support", "release_date": "2025-03-31T00:00:00Z"}, {"advisory": "RHSA-2025:3573", "cpe": "cpe:/a:redhat:openshift:4.12::el8", "package": "openshift4/network-tools-rhel8:v4.12.0-202503310133.p0.gc76613c.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.12", "release_date": "2025-04-10T00:00:00Z"}, {"advisory": "RHSA-2025:3573", "cpe": "cpe:/a:redhat:openshift:4.12::el8", "package": "openshift4/ose-kuryr-cni-rhel8:v4.12.0-202503310133.p0.g8fd2f8b.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.12", "release_date": "2025-04-10T00:00:00Z"}, {"advisory": "RHSA-2025:3573", "cpe": "cpe:/a:redhat:openshift:4.12::el8", "package": "openshift4/ose-kuryr-controller-rhel8:v4.12.0-202503310133.p0.g8fd2f8b.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.12", "release_date": "2025-04-10T00:00:00Z"}, {"advisory": "RHSA-2025:3573", "cpe": "cpe:/a:redhat:openshift:4.12::el8", "package": "openshift4/ose-tests:v4.12.0-202503310133.p0.g893161e.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.12", "release_date": "2025-04-10T00:00:00Z"}, {"advisory": "RHSA-2025:3573", "cpe": "cpe:/a:redhat:openshift:4.12::el8", "package": "openshift4/ose-tools-rhel8:v4.12.0-202503310133.p0.gd691257.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.12", "release_date": "2025-04-10T00:00:00Z"}, {"advisory": "RHSA-2025:3573", "cpe": "cpe:/a:redhat:openshift:4.12::el8", "package": "rhcos-412.86.202503310142-0", "product_name": "Red Hat OpenShift Container Platform 4.12", "release_date": "2025-04-10T00:00:00Z"}], "bugzilla": {"description": "freetype: OOB write when attempting to parse font subglyph structures related to TrueType GX and variable font files", "id": "2351357", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2351357"}, "csaw": true, "cvss3": {"cvss3_base_score": "8.1", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-787", "details": ["An out of bounds write exists in FreeType versions 2.13.0 and below (newer versions of FreeType are not vulnerable) when attempting to parse font subglyph structures related to TrueType GX and variable font files. The vulnerable code assigns a signed short value to an unsigned long and then adds a static value causing it to wrap around and allocate too small of a heap buffer. The code then writes up to 6 signed long integers out of bounds relative to this buffer. This may result in arbitrary code execution. This vulnerability may have been exploited in the wild.", "A flaw was found in FreeType. In affected versions, an out-of-bounds write condition may be triggered when attempting to parse font subglyph structures related to TrueType GX and variable font files. The vulnerable code assigns a signed short value to an unsigned long and then adds a static value, causing it to wrap around and allocate a heap buffer that is too small. The code then writes up to 6 signed long integers out of bounds relative to this buffer. This issue could result in arbitrary code execution or other undefined behavior."], "mitigation": {"lang": "en:us", "value": "By restricting the sources from which font files can be loaded allowing only fonts from trusted sources, as well as validating the input for font files to avoid malformed font structures or any data which could trigger the vulnerability would reduce the risk and mitigate this vulnerability until the fix is provided."}, "name": "CVE-2025-27363", "package_state": [{"cpe": "cpe:/a:redhat:openjdk:11", "fix_state": "Not affected", "package_name": "java-11-openjdk", "product_name": "Red Hat build of OpenJDK 11"}, {"cpe": "cpe:/a:redhat:openjdk:17", "fix_state": "Not affected", "package_name": "java-17-openjdk", "product_name": "Red Hat build of OpenJDK 17"}, {"cpe": "cpe:/a:redhat:openjdk:21", "fix_state": "Not affected", "package_name": "java-21-openjdk-rhel7", "product_name": "Red Hat build of OpenJDK 21"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "freetype", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "gjs", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "java-21-openjdk", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "freetype", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "java-17-openjdk", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "java-21-openjdk", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "firefox:flatpak/firefox", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "java-17-openjdk", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "java-21-openjdk", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-03-11T13:28:31Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-27363\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-27363\nhttps://www.facebook.com/security/advisories/cve-2025-27363\nhttps://www.cisa.gov/known-exploited-vulnerabilities-catalog"], "statement": "This vulnerability stems from improper handling of data types within the FreeType library during the parsing of font subglyph structures. This could causes incorrect calculations that result in heap buffer allocation being too small. This could allow the library write data beyond the allocated buffer, affecting adjacent memory areas, leading into arbitrary code executions compromising the entire system and system stability such as misleading behaviors in applications which relies on FreeType, or causing possible crashes impacting the entire system.", "threat_severity": "Important"}