Re: [oss-security] CVE-2025-27363: out of bounds write in FreeType <= 2.13.0
From: Alexei Podtelezhnikov
Subject: Re: [oss-security] CVE-2025-27363: out of bounds write in FreeType <= 2.13.0
Date: Thu, 13 Mar 2025 07:23:42 -0400
On Wed, Mar 12, 2025 at 9:37 PM Alan Coopersmith
<alan.coopersmith@oracle.com> wrote:
> https://www.facebook.com/security/advisories/cve-2025-27363
>
> https://gitlab.freedesktop.org/freetype/freetype/-/commit/ef636696524b081f1b8819eb0c6a0b932d35757d
Dear Alan,
We have been informed in advance about this. We suspect that Meta used
some AI tools to scan the commit history and identify commits with
potential changes in memory access patterns. The first claim was that
<= 2.13.2 were vulnerable, which we pushed back by a year and a half.
In this brave new world, freezing old software versions is no
longer viable for open systems. We invite everybody to use the
most recent version and help us improve FreeType, rather than engaging
in the patch race against AI.
Alexei