Skip to content
Snippets Groups Projects

OOB write fixes for CVE-2025-27363

Open Michel Lind requested to merge michel-slm/freetype:c9s-cve-2025-27363 into c9s

Merge Request Required Information

Summary of Changes

Simplified fix for CVE-2025-27363 from Marc Deslauriers (Ubuntu) https://www.openwall.com/lists/oss-security/2025/03/14/3

amended by Jonathan Wright (Alma) to apply cleanly to EL9 and with the initialization fix from https://gitlab.freedesktop.org/freetype/freetype/-/commit/ef636696524b081f1b8819eb0c6a0b932d35757d

suggested by a member of the Meta security team.

This has been tested against a POC crafted font (shared under embargo) to be sufficient to prevent the issue; we have concerns that trying to cherry-pick fixes from 2.13.x requires backporting a lot of commits (up to 4 identified so far) and is riskier than just fixing the specific issues:

Approved Development Ticket(s)

Click for formatting instructions Please follow the CentOS Stream contribution documentation for how to file this ticket and have it approved.

List tickets each on their own line of this description using the format "Resolves: RHEL-76229", "Related: RHEL-76229" or "Reverts: RHEL-76229", as appropriate.

Edited by Michel Lind

Merge request reports

Members who can merge are allowed to add commits.

Merged results pipeline #1717646084 failed

Merged results pipeline failed for 9ec0eb5c

Ready to merge by members who can write to the target branch.
Loading

Activity

Filter activity
  • Approvals
  • Assignees & reviewers
  • Comments (from bots)
  • Comments (from users)
  • Commits & branches
  • Edits
  • Labels
  • Lock status
  • Mentions
  • Merge request status
  • Tracking
  • Michel Lind added 1 commit

    added 1 commit

    • f17e315b - TrueType clean up and unsigned fixes for CVE-2025-27363

    Compare with previous version

  • CentOS Stream Zuul CI unapproved this merge request

    unapproved this merge request

  • I've updated this since with the patch applied, it turns out I missed some points -> outline.points when redoing the commit applied to 2.13.x. It builds now, doing manual testing on my c9s VM in a bit and will report back.

  • Michel Lind resolved all threads

    resolved all threads

  • Michel Lind resolved all threads

    resolved all threads

  • CentOS Stream Zuul CI approved this merge request

    approved this merge request

  • mkasik requested review from @mkasik

    requested review from @mkasik

  • Finding no issues in testing.

    LGTM.

  • Loading
  • Loading
  • Loading
  • Loading
  • Loading
  • Loading
  • Loading
  • Loading
  • Loading
  • Loading
  • Please register or sign in to reply
    Loading