ELA-856-1 freetype security update

segmentation violation

2023-05-27
Package: freetype
Version: 2.5.2-3+deb8u6 (jessie), 2.6.3-3.2+deb9u3 (stretch)
Related CVEs: CVE-2022-27405, CVE-2022-27406


Two issues have been found in freetype, a FreeType 2 font engine. Both issues are related to segmentation violations in different functions: ft_open_face_internal() and FT_Request_Size().



For Debian 8 jessie, these problems have been fixed in version 2.5.2-3+deb8u6.

For Debian 9 stretch, these problems have been fixed in version 2.6.3-3.2+deb9u3.

We recommend that you upgrade your freetype packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.