Msrc Cbl2 Qt5-Qtbase 5.12.11-16 On Cbl Mariner 2.0 vulnerabilities
2 known vulnerabilities affecting msrc/cbl2_qt5-qtbase_5.12.11-16_on_cbl_mariner_2.0.
Total CVEs: 2
CISA KEV: 1 (actively exploited)
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 1, MEDIUM 1
Vulnerabilities
CVE-2025-27363 | HIGH | CVSS 8.1 | KEV | 2025-03-11
CWE-787. An out of bounds write exists in FreeType versions 2.13.0 and below (newer versions of FreeType are not vulnerable) when attempting to parse font subglyph structures related to TrueType GX and variable font files. The vulnerable code assigns a signed short value to an
msrc
CVE-2025-30348 | MEDIUM | CVSS 5.8 | 2025-03-11
CWE-407. encodeText in QDom in Qt before 6.8.0 has a complex algorithm involving XML string copy and inline replacement of parts of a string (with relocation of later data).
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulne
msrc