INFSA-2025:8292: mingw-freetype and spice-client-win security update
Information about definition
Identifier: INFSA-2025:8292
Type: security
Release date: 2025-07-07 11:10:09 UTC
Information about package
MinGW Windows Freetype library.
Vulnerabilities description
- CVE-2025-27363
An out of bounds write exists in FreeType versions 2.13.0 and below (newer versions of FreeType are not vulnerable) when attempting to parse font subglyph structures related to TrueType GX and variable font files. The vulnerable code assigns a signed short value to an unsigned long and then adds a static value causing it to wrap around and allocate too small of a heap buffer. The code then writes up to 6 signed long integers out of bounds relative to this buffer. This may result in arbitrary code execution. This vulnerability may have been exploited in the wild.
- CVE-2025-32050
A flaw was found in libsoup. The libsoup append_param_quoted() function may contain an overflow bug resulting in a buffer under-read.
- CVE-2025-32052
A flaw was found in libsoup. A vulnerability in the sniff_unknown() function may lead to heap buffer over-read.
- CVE-2025-32053
A flaw was found in libsoup. A vulnerability in sniff_feed_or_html() and skip_insignificant_space() functions may lead to a heap buffer over-read.
- CVE-2025-32906
A flaw was found in libsoup, where the soup_headers_parse_request() function may be vulnerable to an out-of-bound read. This flaw allows a malicious user to use a specially crafted HTTP request to crash the HTTP server.
- CVE-2025-32911
A use-after-free type vulnerability was found in libsoup, in the soup_message_headers_get_content_disposition() function. This flaw allows a malicious HTTP client to cause memory corruption in the libsoup server.
- CVE-2025-32913
A flaw was found in libsoup, where the soup_message_headers_get_content_disposition() function is vulnerable to a NULL pointer dereference. This flaw allows a malicious HTTP peer to crash a libsoup client or server that uses this function.
- CVE-2025-32907
A flaw was found in libsoup. The implementation of HTTP range requests is vulnerable to a resource consumption attack. This flaw allows a malicious client to request the same range many times in a single HTTP request, causing the server to use large amounts of memory. This does not allow for a full denial of service.
- CVE-2025-32909
A flaw was found in libsoup. SoupContentSniffer may be vulnerable to a NULL pointer dereference in the sniff_mp4 function. The HTTP server may cause the libsoup client to crash.
- CVE-2025-32910
A flaw was found in libsoup, where soup_auth_digest_authenticate() is vulnerable to a NULL pointer dereference. This issue may cause the libsoup client to crash.
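The arithmetic described for CVE-2025-27363 (a signed short converted to an unsigned long, then a constant added) can be reproduced in isolation. The following is an added illustration, not FreeType code and not part of the advisory; the function names and the `EXTRA_SLOTS` value are assumptions chosen for the example, and the input bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical number of extra entries added to the count (assumption). */
#define EXTRA_SLOTS 4UL

/* Read a big-endian 16-bit field and interpret it as a signed value. */
static short read_be16_signed(const unsigned char *p)
{
    unsigned int raw = ((unsigned int)p[0] << 8) | p[1];
    return (short)(raw >= 0x8000u ? (int)raw - 0x10000 : (int)raw);
}

/* Pattern from the description: signed short -> unsigned long, plus a constant. */
static unsigned long unsafe_slot_count(short n)
{
    unsigned long count = (unsigned long)n;  /* -1 becomes ULONG_MAX */
    return count + EXTRA_SLOTS;              /* wraps around to a tiny value */
}

/* Hardened form: reject negative counts, check the multiplication, then size. */
static int checked_alloc_size(short n, size_t elem_size, size_t *out)
{
    if (n < 0 || elem_size == 0)
        return -1;
    size_t count = (size_t)n + EXTRA_SLOTS;  /* cannot wrap: n <= SHRT_MAX */
    if (count > SIZE_MAX / elem_size)
        return -1;
    *out = count * elem_size;
    return 0;
}

int main(void)
{
    const unsigned char field[2] = { 0xFF, 0xFF };  /* constructed input */
    short n = read_be16_signed(field);
    size_t size = 0;
    int rc = checked_alloc_size(n, sizeof(long), &size);

    printf("n=%d unsafe_count=%lu checked_rc=%d\n",
           n, unsafe_slot_count(n), rc);
    return 0;
}
```

The unchecked count ends up smaller than the constant that was added, so any buffer sized from it is too small for later writes that trust the original field; the checked version refuses the negative count before any allocation size is computed.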
Severity level
CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
---|---|---|---|
NIST — CVE-2025-27363 | no information | 8.1 | no information |
NIST — CVE-2025-32050 | no information | 5.9 | no information |
NIST — CVE-2025-32052 | no information | 6.5 | no information |
NIST — CVE-2025-32053 | no information | 6.5 | no information |
NIST — CVE-2025-32906 | no information | 7.5 | no information |
NIST — CVE-2025-32907 | no information | 5.3 | no information |
NIST — CVE-2025-32909 | no information | 5.3 | no information |
NIST — CVE-2025-32910 | no information | 6.5 | no information |
NIST — CVE-2025-32911 | no information | 9.0 | no information |
NIST — CVE-2025-32913 | no information | 7.5 | no information |
Updated packages