VDB

GCVE-110-MAGEIA-2025-99

GCVE-110-MAGEIA-2025-99
Advisory Published
Vulnetix · Advisory published March 16, 2025
An out of bounds write exists in FreeType versions 2.13.0 and below when attempting to parse font subglyph structures related to TrueType GX and variable font files which may result in arbitrary code execution.

Affected Products

VendorProductVersionsPlatforms
Mageiafreetype20 (affected), 2.13.0-1.2.mga9.tainted (unaffected), 2.13.0-1.2.mga9 (unaffected), 0 (affected), 0 (affected), 2.13.0-1.2.mga9 (unaffected), 0 (affected), 2.13.0-1.2.mga9.tainted (unaffected)
Mageiaperformous0 (affected), 1.2.0-6.1.mga9 (unaffected)
Mageiagspell1.12.1-1.1.mga9 (unaffected), 0 (affected)
Mageiasubtitlecomposer0 (affected), 0.7.1-3.1.mga9 (unaffected)
Mageiastrawberry1.0.17-1.1.mga9 (unaffected), 0 (affected)
Mageiagnustep-base0 (affected), 1.28.0-2.1.mga9 (unaffected)
Mageiaenchant20 (affected), 2.3.3-2.1.mga9 (unaffected)
Mageiac-icap-modules-classify0 (affected), 20180416-15.1.mga9 (unaffected)
Mageia0ad0 (affected), 0.0.26-3.1.mga9 (unaffected)
Mageiaqtwebengine60 (affected), 6.4.1-5.1.mga9 (unaffected)
Mageiaplasma-workspace0 (affected), 5.27.10-1.3.mga9 (unaffected)
Mageiampd0.23.11-4.1.mga9 (unaffected), 0 (affected), 0.23.11-4.1.mga9.tainted (unaffected), 0 (affected)
Mageiakonsole0 (affected), 23.04.3-1.1.mga9 (unaffected)
Mageiascribus0 (affected), 1.5.8-11.1.mga9 (unaffected)
Mageiagnustep-gui0 (affected), 0.28.0-10.1.mga9 (unaffected)
MageiaR-base4.3.3-1.1.mga9 (unaffected), 0 (affected)
Mageialibcdr0 (affected), 0.1.7-5.1.mga9 (unaffected)
Mageiaqtwebengine50 (affected), 5.15.10-8.1.mga9 (unaffected)

Browse GCVE Records

73,834 records in the GCVE database · Updated July 19, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›