USN-7352-2

Source
https://ubuntu.com/security/notices/USN-7352-2
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7352-2.json
JSON Data
https://api.test.osv.dev/v1/vulns/USN-7352-2
Published
2025-03-17T14:23:29.489294Z
Modified
2025-03-17T14:23:29.489294Z
Summary
freetype vulnerabilities
Details

USN-7352-1 fixed a vulnerability in FreeType. This update provides the corresponding updates for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. This update also fixes an additional vulnerability in Ubuntu 14.04 LTS.

Original advisory details:

It was discovered that FreeType incorrectly handled certain memory operations when parsing font subglyph structures. A remote attacker could use this issue to cause FreeType to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2025-27363)

Additional advisory details:

It was discovered that FreeType incorrectly handled certain memory operations during typical execution. An attacker could possibly use this issue to cause FreeType to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS. (CVE-2022-27406)

References

Affected packages

Ubuntu:Pro:14.04:LTS / freetype

Package

Name
freetype
Purl
pkg:deb/ubuntu/freetype@2.5.2-1ubuntu2.8+esm3?arch=source&distro=esm-infra-legacy/trusty

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.5.2-1ubuntu2.8+esm3

Affected versions

2.*

2.4.12-0ubuntu1
2.5.0.1-0ubuntu2
2.5.1-1ubuntu1
2.5.1-1ubuntu2
2.5.1-2ubuntu1
2.5.2-1ubuntu1
2.5.2-1ubuntu2
2.5.2-1ubuntu2.1
2.5.2-1ubuntu2.2
2.5.2-1ubuntu2.3
2.5.2-1ubuntu2.4
2.5.2-1ubuntu2.5
2.5.2-1ubuntu2.6
2.5.2-1ubuntu2.7
2.5.2-1ubuntu2.8
2.5.2-1ubuntu2.8+esm1
2.5.2-1ubuntu2.8+esm2

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro with Legacy support add-on: https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_version": "2.5.2-1ubuntu2.8+esm3",
            "binary_name": "freetype2-demos"
        },
        {
            "binary_version": "2.5.2-1ubuntu2.8+esm3",
            "binary_name": "libfreetype6"
        },
        {
            "binary_version": "2.5.2-1ubuntu2.8+esm3",
            "binary_name": "libfreetype6-dev"
        }
    ]
}

Ubuntu:Pro:16.04:LTS / freetype

Package

Name
freetype
Purl
pkg:deb/ubuntu/freetype@2.6.1-0.1ubuntu2.5+esm2?arch=source&distro=esm-infra/xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.6.1-0.1ubuntu2.5+esm2

Affected versions

2.*

2.5.2-4ubuntu2
2.6.1-0.1ubuntu1
2.6.1-0.1ubuntu2
2.6.1-0.1ubuntu2.1
2.6.1-0.1ubuntu2.2
2.6.1-0.1ubuntu2.3
2.6.1-0.1ubuntu2.4
2.6.1-0.1ubuntu2.5
2.6.1-0.1ubuntu2.5+esm1

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_version": "2.6.1-0.1ubuntu2.5+esm2",
            "binary_name": "freetype2-demos"
        },
        {
            "binary_version": "2.6.1-0.1ubuntu2.5+esm2",
            "binary_name": "freetype2-demos-dbgsym"
        },
        {
            "binary_version": "2.6.1-0.1ubuntu2.5+esm2",
            "binary_name": "libfreetype6"
        },
        {
            "binary_version": "2.6.1-0.1ubuntu2.5+esm2",
            "binary_name": "libfreetype6-dbgsym"
        },
        {
            "binary_version": "2.6.1-0.1ubuntu2.5+esm2",
            "binary_name": "libfreetype6-dev"
        },
        {
            "binary_version": "2.6.1-0.1ubuntu2.5+esm2",
            "binary_name": "libfreetype6-udeb"
        },
        {
            "binary_version": "2.6.1-0.1ubuntu2.5+esm2",
            "binary_name": "libfreetype6-udeb-dbgsym"
        }
    ]
}

Ubuntu:Pro:18.04:LTS / freetype

Package

Name
freetype
Purl
pkg:deb/ubuntu/freetype@2.8.1-2ubuntu2.2+esm1?arch=source&distro=esm-infra/bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.8.1-2ubuntu2.2+esm1

Affected versions

2.*

2.8-0.2ubuntu2
2.8.1-0.1ubuntu2
2.8.1-0.1ubuntu3
2.8.1-2ubuntu1
2.8.1-2ubuntu2
2.8.1-2ubuntu2.1
2.8.1-2ubuntu2.2

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_version": "2.8.1-2ubuntu2.2+esm1",
            "binary_name": "freetype2-demos"
        },
        {
            "binary_version": "2.8.1-2ubuntu2.2+esm1",
            "binary_name": "freetype2-demos-dbgsym"
        },
        {
            "binary_version": "2.8.1-2ubuntu2.2+esm1",
            "binary_name": "libfreetype6"
        },
        {
            "binary_version": "2.8.1-2ubuntu2.2+esm1",
            "binary_name": "libfreetype6-dbgsym"
        },
        {
            "binary_version": "2.8.1-2ubuntu2.2+esm1",
            "binary_name": "libfreetype6-dev"
        },
        {
            "binary_version": "2.8.1-2ubuntu2.2+esm1",
            "binary_name": "libfreetype6-udeb"
        }
    ]
}