Should I be concerned that 'FreeType 2 fontengine, shared library' files come up as a security update? I tried to google it and all things came up about it having security flaws. Is this update indicating that it might be fixing that or should I skip updating this for now?
Welcome to the Forum!
Click on the FreeType 2 Update Entry and read the Description that will appear in the bottom Field.
Thanks for your response.
It states: "* SECURITY UPDATE: OOB write via font subglyph structures parsing
- debian/patches/CVE-2025-27363.patch: make sure limit doesn't overflow
in src/truetype/ttgload.c.
- CVE-2025-27363"
with link to CVE - CVE-2025-27363
I don't understand whether this website is saying it's vulnerable or not vulnerable.
You should install security updates; they are fixes to vulnerabilities found in packages installed in your system.
That website is giving some details about what caused the issue and how it's fixed. You can see a clearer summary here:
Because this is a Security Update it is a Vulnerability.
Install it; it is a security fix.