The advisory covers ten vulnerabilities affecting the mingw-freetype library and libsoup in Red Hat Enterprise Linux 8. The key issues include an out-of-bounds write in freetype when parsing TrueType GX and variable font files (CVE-2025-27363), and multiple memory safety flaws in libsoup such as integer overflow (CVE-2025-32050), heap buffer overflows (CVE-2025-32052, CVE-2025-32053), out-of-bounds reads (CVE-2025-32906), denial of service via overlapping range requests (CVE-2025-32907), null pointer dereferences (CVE-2025-32909, CVE-2025-32910, CVE-2025-32913), and a double free (CVE-2025-32911). These vulnerabilities could lead to memory corruption or denial of service. Red Hat has issued patches for these issues as part of advisory RHSA-2025:8292.

The vulnerabilities could allow attackers to cause memory corruption, potentially leading to application crashes or denial of service. Some issues involve out-of-bounds writes and heap buffer overflows, which may be exploitable for code execution, though no exploits are currently known. The denial of service vulnerability in libsoup can be triggered by specially crafted HTTP Range headers. Null pointer dereferences and double frees may cause application instability. The overall impact is rated as Important by Red Hat.

Red Hat has released updated packages addressing all listed vulnerabilities in mingw-freetype and libsoup for Red Hat Enterprise Linux 8 and related products. Users should apply these official patches promptly by following the guidance at https://access.redhat.com/articles/11258. No additional mitigations are indicated by the vendor advisory. Patch status is confirmed as official-fix.