django-cfg (>=1.7.65 <=2.2.60), dynrender-skia (>=0.2.6 <=0.2.8) +8 more potentially affected by CVE-2025-27363 via skia-python (>=121.0.0b6 <=138.0.0)
skia-python (PyPI), affected from version =121.0.0b6; the dependent packages are affected from =1.7.65, =0.2.6, =1.0.0b7, =0.1.1, =0.1.0, =2.1.1, =0.6.2, =1.6.0, =0.1.0, =0.2.0 respectively. Source CVEs: CVE-2025-27363. Source advisory: OSV:GHSA-2MHW-8QCG-GR96...
skia-python vendors vulnerable libfreetype because of pinned cibuildwheel version
Impact: The Linux wheels for skia-python vendor a version of libfreetype that is affected by CVE-2025-27363 [1]. The root cause is a chain of unfortunate events: 1. skia-python builds its wheels with a pinned pypa/cibuildwheel@2.21.3 [2]; 2. cibuildwheel 2.21.3 in turn pins manylinux container...
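The vendoring chain above means the FreeType you run is whatever the manylinux image shipped, not what `pip show skia-python` reports. The script below is an added example (not code from skia-python or from the advisory) for checking that directly: it lists the shared objects auditwheel placed under a `<distribution>.libs/` directory inside a wheel, and for an installed copy loads the bundled `libfreetype` through ctypes and asks it for its own version via FreeType's public `FT_Library_Version` call. The `.libs/` naming convention with a hex tag in the file name is auditwheel's; the sample archive member names are constructed for illustration; and `FIXED_FREETYPE` is this example's assumed threshold, since the page does not state which FreeType release fixed the CVE.

```python
import ctypes
import re
import zipfile
from pathlib import Path

# auditwheel ("manylinux repair") copies the shared objects a wheel depends on
# into "<distribution>.libs/" and inserts a short hex tag into each file name,
# e.g. "skia_python.libs/libfreetype-2a3b4c5d.so.6.17.1". Names used in this
# example are constructed to match that convention, not taken from a real wheel.
VENDORED_SO = re.compile(
    r"^(?P<dir>[^/]+\.libs)/(?P<base>lib[^/]+?)-[0-9a-f]+\.so(?P<suffix>(?:\.\d+)*)$"
)


def vendored_libraries(member_names):
    """Map base library name -> archive paths for everything under *.libs/."""
    found = {}
    for name in member_names:
        m = VENDORED_SO.match(name)
        if m:
            found.setdefault(m.group("base"), []).append(name)
    return found


def wheel_vendored_libraries(wheel_path):
    """Same, for a .whl on disk (a wheel is a zip archive)."""
    with zipfile.ZipFile(wheel_path) as zf:
        return vendored_libraries(zf.namelist())


def soversion_from_name(name):
    """'.../libfreetype-2a3b4c5d.so.6.17.1' -> (6, 17, 1).

    This is only the ELF SONAME version, not the FreeType release number;
    use freetype_version() for the real answer.
    """
    m = VENDORED_SO.match(name)
    if not m or not m.group("suffix"):
        return None
    return tuple(int(p) for p in m.group("suffix").lstrip(".").split("."))


def freetype_version(so_path):
    """Ask a libfreetype shared object for its own (major, minor, patch).

    FT_Init_FreeType / FT_Library_Version / FT_Done_FreeType are FreeType's
    public C API. The .so must be loadable in place (auditwheel sets RPATH to
    $ORIGIN so the sibling libpng/libz/... resolve), so point this at an
    installed site-packages copy rather than a file pulled out of the zip.
    """
    ft = ctypes.CDLL(str(so_path))
    ft.FT_Init_FreeType.argtypes = [ctypes.POINTER(ctypes.c_void_p)]
    ft.FT_Init_FreeType.restype = ctypes.c_int
    ft.FT_Library_Version.argtypes = [ctypes.c_void_p] + [ctypes.POINTER(ctypes.c_int)] * 3
    ft.FT_Library_Version.restype = None
    ft.FT_Done_FreeType.argtypes = [ctypes.c_void_p]
    ft.FT_Done_FreeType.restype = ctypes.c_int

    lib = ctypes.c_void_p()
    err = ft.FT_Init_FreeType(ctypes.byref(lib))
    if err:
        raise RuntimeError(f"FT_Init_FreeType failed with FreeType error {err}")
    major, minor, patch = ctypes.c_int(), ctypes.c_int(), ctypes.c_int()
    ft.FT_Library_Version(lib, ctypes.byref(major), ctypes.byref(minor), ctypes.byref(patch))
    ft.FT_Done_FreeType(lib)
    return (major.value, minor.value, patch.value)


# Assumption for this example (the page does not state the fixed release):
# anything older than FIXED_FREETYPE is treated as still carrying CVE-2025-27363.
# Set it to the release your advisory source names as fixed.
FIXED_FREETYPE = (2, 13, 1)


def is_vulnerable(version, fixed=FIXED_FREETYPE):
    """True when the bundled FreeType predates the assumed fixed release."""
    return tuple(version) < tuple(fixed)


def audit_site_packages(site_packages):
    """Walk *.libs/ dirs of an installed environment and report each libfreetype."""
    report = []
    for so in Path(site_packages).glob("*.libs/libfreetype-*.so*"):
        version = freetype_version(so)
        report.append((str(so), version, is_vulnerable(version)))
    return report


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        if path.endswith(".whl"):
            print(path, wheel_vendored_libraries(path))
        else:
            for so, version, vuln in audit_site_packages(path):
                print(so, "FreeType %d.%d.%d" % version, "VULNERABLE" if vuln else "ok")
```

Run it with a downloaded `.whl` to see which native libraries the wheel carries, or with a `site-packages` directory to get the real FreeType version from each bundled copy. The SONAME digits in the file name are kept separate from the release number on purpose: they tell you a library is vendored, but only the library itself can tell you which FreeType it is.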
Out-of-bounds Write
Overview: Affected versions of this package are vulnerable to an out-of-bounds write when parsing font subglyph structures related to TrueType GX and variable font files. The issue arises from assigning a signed short value to an unsigned long and then addi...