Amazon Linux 2 Security Advisory: ALAS-2025-2806
Advisory Release Date: 2025-03-26 19:24 Pacific
Advisory Updated Date: 2025-04-01 16:23 Pacific
FreeType 2.8.1 has a signed integer overflow in cf2_doFlex in cff/cf2intrp.c. (CVE-2025-23022)
An out of bounds write exists in FreeType versions 2.13.0 and below when attempting to parse font subglyph structures related to TrueType GX and variable font files. The vulnerable code assigns a signed short value to an unsigned long and then adds a static value causing it to wrap around and allocate too small of a heap buffer. The code then writes up to 6 signed long integers out of bounds relative to this buffer. This may result in arbitrary code execution. This vulnerability may have been exploited in the wild. (CVE-2025-27363)
Affected Packages:
freetype
Note:
This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update freetype to update your system.
aarch64:
freetype-2.8-14.amzn2.1.4.aarch64
freetype-demos-2.8-14.amzn2.1.4.aarch64
freetype-devel-2.8-14.amzn2.1.4.aarch64
freetype-debuginfo-2.8-14.amzn2.1.4.aarch64
i686:
freetype-2.8-14.amzn2.1.4.i686
freetype-demos-2.8-14.amzn2.1.4.i686
freetype-devel-2.8-14.amzn2.1.4.i686
freetype-debuginfo-2.8-14.amzn2.1.4.i686
src:
freetype-2.8-14.amzn2.1.4.src
x86_64:
freetype-2.8-14.amzn2.1.4.x86_64
freetype-demos-2.8-14.amzn2.1.4.x86_64
freetype-devel-2.8-14.amzn2.1.4.x86_64
freetype-debuginfo-2.8-14.amzn2.1.4.x86_64