VDB
GHSA-2mhw-8qcg-gr96
PUBLISHED
CVSS 8.1 HIGH
skia-python vendors vulnerable libfreetype because of pinned cibuildwheel version
Risk Scores
CVSS v3.1
8.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| PyPI | skia-python | 144.0, 0, 0.0.3 |
Timeline
- Mar 11, 2025 PoC Published
- Feb 28, 2026 Security Advisory
- Mar 19, 2026 CVE Published
References
- https://github.com/kyamagu/skia-python/security/advisories/GHSA-2mhw-8qcg-gr96 url
- https://nvd.nist.gov/vuln/detail/CVE-2025-27363 advisory
- https://github.com/kyamagu/skia-python package
- http://www.openwall.com/lists/oss-security/2025/03/13/1 web
- http://www.openwall.com/lists/oss-security/2025/03/13/2 web
- http://www.openwall.com/lists/oss-security/2025/03/14/4 web
- https://source.android.com/docs/security/bulletin/2025-05-01 web
- https://www.facebook.com/security/advisories/cve-2025-27363 web
- http://www.openwall.com/lists/oss-security/2025/03/13/11 web
- http://www.openwall.com/lists/oss-security/2025/03/13/3 web
- http://www.openwall.com/lists/oss-security/2025/03/14/3 web
- http://www.openwall.com/lists/oss-security/2025/05/06/3 web
- http://www.openwall.com/lists/oss-security/2025/03/14/1 web
- https://lists.debian.org/debian-lts-announce/2025/03/msg00030.html web
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-27363 web
- http://www.openwall.com/lists/oss-security/2025/03/13/12 web
- http://www.openwall.com/lists/oss-security/2025/03/13/8 web
- http://www.openwall.com/lists/oss-security/2025/03/14/2 web