OOB write fixes for CVE-2025-27363
Merge Request Required Information
Summary of Changes
Simplified fix for CVE-2025-27363 from Marc Deslauriers (Ubuntu), https://www.openwall.com/lists/oss-security/2025/03/14/3, amended by Jonathan Wright (Alma) to apply cleanly to EL9 and combined with the initialization fix from https://gitlab.freedesktop.org/freetype/freetype/-/commit/ef636696524b081f1b8819eb0c6a0b932d35757d, as suggested by a member of the Meta security team.
This has been tested against a PoC crafted font (shared under embargo) and found sufficient to prevent the issue. We have concerns that trying to cherry-pick the fixes from 2.13.x requires backporting a lot of commits (up to 4 identified so far) and is riskier than just fixing the specific issues:
- https://gitlab.freedesktop.org/freetype/freetype/-/commit/c71eb22dde1a3101891a865fdac20a6de814267d
- https://gitlab.freedesktop.org/freetype/freetype/-/commit/ef636696524b081f1b8819eb0c6a0b932d35757d
- https://gitlab.freedesktop.org/freetype/freetype/-/commit/73720c7c9958e87b3d134a7574d1720ad2d24442
- https://gitlab.freedesktop.org/freetype/freetype/-/commit/47103b2f195e0f9664c9470182f063cb7d41dc9f
Approved Development Ticket(s)
Please follow the CentOS Stream contribution documentation for how to file this ticket and have it approved. List tickets each on their own line of this description using the format "Resolves: RHEL-76229", "Related: RHEL-76229" or "Reverts: RHEL-76229", as appropriate.