惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

V
V2EX
W
WeLiveSecurity
IT之家
IT之家
A
About on SuperTechFans
B
Blog
L
LangChain Blog
H
Help Net Security
Engineering at Meta
Engineering at Meta
Recent Announcements
Recent Announcements
Google Online Security Blog
Google Online Security Blog
宝玉的分享
宝玉的分享
MyScale Blog
MyScale Blog
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
N
News and Events Feed by Topic
Schneier on Security
Schneier on Security
GbyAI
GbyAI
博客园 - 叶小钗
人人都是产品经理
人人都是产品经理
S
SegmentFault 最新的问题
Cloudbric
Cloudbric
WordPress大学
WordPress大学
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
Y
Y Combinator Blog
S
Security Affairs
The Last Watchdog
The Last Watchdog
H
Heimdal Security Blog
T
The Blog of Author Tim Ferriss
Last Week in AI
Last Week in AI
博客园 - 聂微东
H
Hackread – Cybersecurity News, Data Breaches, AI and More
P
Privacy & Cybersecurity Law Blog
V
Visual Studio Blog
H
Hacker News: Front Page
Recorded Future
Recorded Future
Cyberwarzone
Cyberwarzone
L
Lohrmann on Cybersecurity
Simon Willison's Weblog
Simon Willison's Weblog
P
Privacy International News Feed
博客园 - 三生石上(FineUI控件)
大猫的无限游戏
大猫的无限游戏
www.infosecurity-magazine.com
www.infosecurity-magazine.com
Blog — PlanetScale
Blog — PlanetScale
G
Google Developers Blog
aimingoo的专栏
aimingoo的专栏
C
Cybersecurity and Infrastructure Security Agency CISA
AWS News Blog
AWS News Blog
Jina AI
Jina AI
N
News | PayPal Newsroom
S
Schneier on Security

Arch Linux Security Advisories

[ASA-202506-6] python-django: content spoofing - Arch Linux [ASA-202506-5] konsole: arbitrary code execution [ASA-202506-4] go: multiple issues - Arch Linux [ASA-202506-3] samba: access restriction bypass [ASA-202506-2] curl: denial of service [ASA-202506-1] roundcubemail: arbitrary code execution [ASA-202505-15] ghostscript: information disclosure - Arch Linux [ASA-202505-14] bind: denial of service [ASA-202505-13] varnish: content spoofing - Arch Linux [ASA-202505-12] go: directory traversal - Arch Linux [ASA-202505-10] python-django: denial of service [ASA-202505-9] dropbear: arbitrary command execution [ASA-202505-8] nodejs-lts-iron: multiple issues - Arch Linux [ASA-202505-7] nodejs-lts-jod: denial of service
[ASA-202505-11] freetype2: arbitrary code execution
Arch Linux S · 2025-05-20 · via Arch Linux Security Advisories

ASA-202505-11 log generated external raw

[ASA-202505-11] freetype2: arbitrary code execution

Arch Linux Security Advisory ASA-202505-11 ========================================== Severity: High Date : 2025-05-19 CVE-ID : CVE-2025-27363 Package : freetype2 Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-2877 Summary ======= The package freetype2 before version 2.13.3-3 is vulnerable to arbitrary code execution. Resolution ========== Upgrade to 2.13.3-3. # pacman -Syu "freetype2>=2.13.3-3" The problem has been fixed upstream in version 2.13.3. Workaround ========== None. Description =========== An out of bounds write exists in FreeType versions 2.13.0 and below when attempting to parse font subglyph structures related to TrueType GX and variable font files. The vulnerable code assigns a signed short value to an unsigned long and then adds a static value causing it to wrap around and allocate too small of a heap buffer. The code then writes up to 6 signed long integers out of bounds relative to this buffer. This may result in arbitrary code execution. This vulnerability may have been exploited in the wild. Impact ====== A remote attacker that is able to load a specially crafted font file is able to execute arbitrary code on the affected host. References ========== https://www.facebook.com/security/advisories/cve-2025-27363 https://gitlab.freedesktop.org/freetype/freetype/-/commit/ef636696524b081f1b8819eb0c6a0b932d35757d https://security.archlinux.org/CVE-2025-27363