GCVE-VVD-MAGEIA-2025-99

Advisory Published

Vulnetix · Advisory published November 17, 2025

An out of bounds write exists in FreeType versions 2.13.0 and below when attempting to parse font subglyph structures related to TrueType GX and variable font files which may result in arbitrary code execution.

Download JSON Open in Console

Affected Products

Vendor	Product	Versions	Platforms
Mageia	gspell	0 (affected), 1.12.1-1.1.mga9 (unaffected)	—
Mageia	libcdr	0 (affected), 0.1.7-5.1.mga9 (unaffected)	—
Mageia	0ad	0 (affected), 0.0.26-3.1.mga9 (unaffected)	—
Mageia	c-icap-modules-classify	0 (affected), 20180416-15.1.mga9 (unaffected)	—
Mageia	enchant2	0 (affected), 2.3.3-2.1.mga9 (unaffected)	—
Mageia	gnustep-base	0 (affected), 1.28.0-2.1.mga9 (unaffected)	—
Mageia	gnustep-gui	0 (affected), 0.28.0-10.1.mga9 (unaffected)	—
Mageia	konsole	0 (affected), 23.04.3-1.1.mga9 (unaffected)	—
Mageia	qtwebengine5	0 (affected), 5.15.10-8.1.mga9 (unaffected)	—
Mageia	qtwebengine6	0 (affected), 6.4.1-5.1.mga9 (unaffected)	—
Mageia	performous	0 (affected), 1.2.0-6.1.mga9 (unaffected)	—
Mageia	plasma-workspace	0 (affected), 5.27.10-1.3.mga9 (unaffected)	—
Mageia	R-base	0 (affected), 4.3.3-1.1.mga9 (unaffected)	—
Mageia	scribus	0 (affected), 1.5.8-11.1.mga9 (unaffected)	—
Mageia	strawberry	0 (affected), 1.0.17-1.1.mga9 (unaffected)	—
Mageia	subtitlecomposer	0 (affected), 0.7.1-3.1.mga9 (unaffected)	—
Mageia	mpd	0 (affected), 0.23.11-4.1.mga9 (unaffected), 0 (affected), 0.23.11-4.1.mga9.tainted (unaffected)	—
Mageia	freetype2	0 (affected), 2.13.0-1.2.mga9 (unaffected), 0 (affected), 2.13.0-1.2.mga9.tainted (unaffected), 0 (affected), 2.13.0-1.2.mga9 (unaffected), 0 (affected), 2.13.0-1.2.mga9.tainted (unaffected)	—