An update for mingw-freetype and spice-client-win is now available for Red Hat
 Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of
 Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

MinGW Windows Freetype library.

Security Fix(es):

* freetype: OOB write when attempting to parse font subglyph structures related
 to TrueType GX and variable font files (CVE-2025-27363)

* libsoup: Integer overflow in append_param_quoted (CVE-2025-32050)

* libsoup: Heap buffer overflow in sniff_unknown() (CVE-2025-32052)

* libsoup: Heap buffer overflows in sniff_feed_or_html() and
 skip_insignificant_space() (CVE-2025-32053)

* libsoup: Out of bounds reads in soup_headers_parse_request() (CVE-2025-32906)

* libsoup: Denial of service in server when client requests a large amount of 
 overlapping ranges with Range header (CVE-2025-32907)

* libsoup: NULL Pointer Dereference on libsoup through  function
 "sniff_mp4" in soup-content-sniffer.c (CVE-2025-32909)

* libsoup: Null pointer deference on libsoup via  /auth/soup-auth-digest.c
 through "soup_auth_digest_authenticate" on  client when server omits the "realm" parameter in an Unauthorized  response with Digest authentication (CVE-2025-32910)

* libsoup: Double free on  soup_message_headers_get_content_disposition()
 through  "soup-message-headers.c" via "params" GHashTable value (CVE-2025-32911)

* libsoup: NULL pointer dereference in 
 soup_message_headers_get_content_disposition when "filename" parameter  is present, but has no value in Content-Disposition header (CVE-2025-32913)

For more details about the security issue(s), including the impact, a CVSS
 score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2025-27363: Out-of-bounds Write (CWE-787)
CVE-2025-32050: Buffer Under-read (CWE-127)
CVE-2025-32052: Buffer Over-read (CWE-126)
CVE-2025-32053: Buffer Over-read (CWE-126)
CVE-2025-32906: Out-of-bounds Read (CWE-125)
CVE-2025-32907: Excessive Platform Resource Consumption within a Loop
 (CWE-1050)
CVE-2025-32909: NULL Pointer Dereference (CWE-476)
CVE-2025-32910: NULL Pointer Dereference (CWE-476)
CVE-2025-32911: Free of Memory not on the Heap (CWE-590)
CVE-2025-32913: NULL Pointer Dereference (CWE-476)