USN-7352-2

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/notices/USN-7352-2

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7352-2.json

JSON Data

https://api.test.osv.dev/v1/vulns/USN-7352-2

Related

Published

2025-03-17T14:23:29.489294Z

Modified

2025-03-17T14:23:29.489294Z

Summary

freetype vulnerabilities

Details

USN-7352-1 fixed a vulnerability in FreeType. This update provides the corresponding updates for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. This update also fixes an additional vulnerability in Ubuntu 14.04 LTS.

Original advisory details:

It was discovered that FreeType incorrectly handled certain memory operations when parsing font subglyph structures. A remote attacker could use this issue to cause FreeType to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2025-27363)

Additional advisory details:

It was discovered that FreeType incorrectly handled certain memory operations during typical execution. An attacker could possibly use this issue to cause FreeType to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS. (CVE-2022-27406)

References

Affected packages

Ubuntu:Pro:14.04:LTS / freetype

Package

Name: freetype
Purl: pkg:deb/ubuntu/freetype@2.5.2-1ubuntu2.8+esm3?arch=source&distro=esm-infra-legacy/trusty

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.5.2-1ubuntu2.8+esm3

Affected versions

2.*

2.4.12-0ubuntu1

2.5.0.1-0ubuntu2

2.5.1-1ubuntu1

2.5.1-1ubuntu2

2.5.1-2ubuntu1

2.5.2-1ubuntu1

2.5.2-1ubuntu2

2.5.2-1ubuntu2.1

2.5.2-1ubuntu2.2

2.5.2-1ubuntu2.3

2.5.2-1ubuntu2.4

2.5.2-1ubuntu2.5

2.5.2-1ubuntu2.6

2.5.2-1ubuntu2.7

2.5.2-1ubuntu2.8

2.5.2-1ubuntu2.8+esm1

2.5.2-1ubuntu2.8+esm2

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro with Legacy support add-on: https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_version": "2.5.2-1ubuntu2.8+esm3",
            "binary_name": "freetype2-demos"
        },
        {
            "binary_version": "2.5.2-1ubuntu2.8+esm3",
            "binary_name": "libfreetype6"
        },
        {
            "binary_version": "2.5.2-1ubuntu2.8+esm3",
            "binary_name": "libfreetype6-dev"
        }
    ]
}

Ubuntu:Pro:16.04:LTS / freetype

Package

Name: freetype
Purl: pkg:deb/ubuntu/freetype@2.6.1-0.1ubuntu2.5+esm2?arch=source&distro=esm-infra/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.6.1-0.1ubuntu2.5+esm2

Affected versions

2.*

2.5.2-4ubuntu2

2.6.1-0.1ubuntu1

2.6.1-0.1ubuntu2

2.6.1-0.1ubuntu2.1

2.6.1-0.1ubuntu2.2

2.6.1-0.1ubuntu2.3

2.6.1-0.1ubuntu2.4

2.6.1-0.1ubuntu2.5

2.6.1-0.1ubuntu2.5+esm1

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_version": "2.6.1-0.1ubuntu2.5+esm2",
            "binary_name": "freetype2-demos"
        },
        {
            "binary_version": "2.6.1-0.1ubuntu2.5+esm2",
            "binary_name": "freetype2-demos-dbgsym"
        },
        {
            "binary_version": "2.6.1-0.1ubuntu2.5+esm2",
            "binary_name": "libfreetype6"
        },
        {
            "binary_version": "2.6.1-0.1ubuntu2.5+esm2",
            "binary_name": "libfreetype6-dbgsym"
        },
        {
            "binary_version": "2.6.1-0.1ubuntu2.5+esm2",
            "binary_name": "libfreetype6-dev"
        },
        {
            "binary_version": "2.6.1-0.1ubuntu2.5+esm2",
            "binary_name": "libfreetype6-udeb"
        },
        {
            "binary_version": "2.6.1-0.1ubuntu2.5+esm2",
            "binary_name": "libfreetype6-udeb-dbgsym"
        }
    ]
}

Ubuntu:Pro:18.04:LTS / freetype

Package

Name: freetype
Purl: pkg:deb/ubuntu/freetype@2.8.1-2ubuntu2.2+esm1?arch=source&distro=esm-infra/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.8.1-2ubuntu2.2+esm1

Affected versions

2.*

2.8-0.2ubuntu2

2.8.1-0.1ubuntu2

2.8.1-0.1ubuntu3

2.8.1-2ubuntu1

2.8.1-2ubuntu2

2.8.1-2ubuntu2.1

2.8.1-2ubuntu2.2

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_version": "2.8.1-2ubuntu2.2+esm1",
            "binary_name": "freetype2-demos"
        },
        {
            "binary_version": "2.8.1-2ubuntu2.2+esm1",
            "binary_name": "freetype2-demos-dbgsym"
        },
        {
            "binary_version": "2.8.1-2ubuntu2.2+esm1",
            "binary_name": "libfreetype6"
        },
        {
            "binary_version": "2.8.1-2ubuntu2.2+esm1",
            "binary_name": "libfreetype6-dbgsym"
        },
        {
            "binary_version": "2.8.1-2ubuntu2.2+esm1",
            "binary_name": "libfreetype6-dev"
        },
        {
            "binary_version": "2.8.1-2ubuntu2.2+esm1",
            "binary_name": "libfreetype6-udeb"
        }
    ]
}