rpm package
almalinux/mingw64-freetype-static
pkg:rpm/almalinux/mingw64-freetype-static
Vulnerabilities (10)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-32911 | Cri | 9.0 | | < 2.8-3.el8_10.1 | 2.8-3.el8_10.1 | Apr 15, 2025 | A use-after-free type vulnerability was found in libsoup, in the soup_message_headers_get_content_disposition() function. This flaw allows a malicious HTTP client to cause memory corruption in the libsoup server. |
| CVE-2025-32910 | Med | 6.5 | | < 2.8-3.el8_10.1 | 2.8-3.el8_10.1 | Apr 14, 2025 | A flaw was found in libsoup, where soup_auth_digest_authenticate() is vulnerable to a NULL pointer dereference. This issue may cause the libsoup client to crash. |
| CVE-2025-32909 | Med | 5.3 | | < 2.8-3.el8_10.1 | 2.8-3.el8_10.1 | Apr 14, 2025 | A flaw was found in libsoup. SoupContentSniffer may be vulnerable to a NULL pointer dereference in the sniff_mp4 function. The HTTP server may cause the libsoup client to crash. |
| CVE-2025-32913 | Hig | 7.5 | | < 2.8-3.el8_10.1 | 2.8-3.el8_10.1 | Apr 14, 2025 | A flaw was found in libsoup, where the soup_message_headers_get_content_disposition() function is vulnerable to a NULL pointer dereference. This flaw allows a malicious HTTP peer to crash a libsoup client or server that uses this function. |
| CVE-2025-32907 | Med | 5.3 | | < 2.8-3.el8_10.1 | 2.8-3.el8_10.1 | Apr 14, 2025 | A flaw was found in libsoup. The implementation of HTTP range requests is vulnerable to a resource consumption attack. This flaw allows a malicious client to request the same range many times in a single HTTP request, causing the server to use large amounts of memory. This does n |
| CVE-2025-32906 | Hig | 7.5 | | < 2.8-3.el8_10.1 | 2.8-3.el8_10.1 | Apr 14, 2025 | A flaw was found in libsoup, where the soup_headers_parse_request() function may be vulnerable to an out-of-bound read. This flaw allows a malicious user to use a specially crafted HTTP request to crash the HTTP server. |
| CVE-2025-32053 | Med | 6.5 | | < 2.8-3.el8_10.1 | 2.8-3.el8_10.1 | Apr 3, 2025 | A flaw was found in libsoup. A vulnerability in sniff_feed_or_html() and skip_insignificant_space() functions may lead to a heap buffer over-read. |
| CVE-2025-32052 | Med | 6.5 | | < 2.8-3.el8_10.1 | 2.8-3.el8_10.1 | Apr 3, 2025 | A flaw was found in libsoup. A vulnerability in the sniff_unknown() function may lead to heap buffer over-read. |
| CVE-2025-32050 | Med | 5.9 | | < 2.8-3.el8_10.1 | 2.8-3.el8_10.1 | Apr 3, 2025 | A flaw was found in libsoup. The libsoup append_param_quoted() function may contain an overflow bug resulting in a buffer under-read. |
| CVE-2025-27363 | Hig | 8.1 | KEV | < 2.8-3.el8_10.1 | 2.8-3.el8_10.1 | Mar 11, 2025 | An out of bounds write exists in FreeType versions 2.13.0 and below (newer versions of FreeType are not vulnerable) when attempting to parse font subglyph structures related to TrueType GX and variable font files. The vulnerable code assigns a signed short value to an unsigned lo |