GHSA-2MHW-8QCG-GR96
Vulnerability from github – Published: 2026-03-19 18:10 – Updated: 2026-03-19 18:10Impact
The Linux wheels for skia-python vendor a vulnerable version of libfreetype that is affected by CVE-2025-27363 [1].
The root cause is a chain of unfortunate events:
-
skia-python builds wheels using pinned pypa/cibuildwheel@2.21.3 [2]
-
cibuildwheel 2.21.3 in turn pins manylinux container images [3]
-
In these images, version 2.9.1-9.el8 of RedHat package freetype is preinstalled. This package version is vulnerable and has since been patched in 2.9.1-10.
-
During the skia-python Linux build, libfreetype is vendored from the system, resulting in skia-python.libs/libfreetype-29a7443c.so.6.16.1
[ To find the provenance of your vendored libfreetype, we extracted the 8-character hash of the original binary file that is added during the build process (29a7443c), and matched it against our database of hashes all historic Red Hat, Debian and Ubuntu releases of freetype. ]
-
Because freetype is only a transitive dependency of the packages explicitly installed by the build script [4], it is not upgraded to the patched version [4].
-
As a result, the published wheels embed a vulnerable libfreetype, even though patched packages are available upstream.
This appears to be a broader manylinux ecosystem issue. The base images
do not enforce that yum update runs on container start, so
preinstalled libraries may remain vulnerable indefinitely.
Patches
In the case of skia-python, the solution is to explicitly install freetype in the build process and rebuild the wheels.
The original report was suggesting the above, but in the current build_Linux.sh script, the patched freetype-devel version 2.9.1-10 gets installed as a dependency. It's just that we need to rebuild the wheel for a new release.
Workarounds
Users must upgrade the wheel package after release.
References
- https://nvd.nist.gov/vuln/detail/CVE-2025-27363
- https://github.com/kyamagu/skia-python/blob/9ffb045811f9b5508e152302d5b81aadca6edd8d/.github/workflows/ci.yml#L38
- https://github.com/pypa/cibuildwheel/blob/v2.21.3/cibuildwheel/resources/pinned_docker_images.cfg
- https://github.com/kyamagu/skia-python/blob/9ffb045811f9b5508e152302d5b81aadca6edd8d/scripts/build_Linux.sh#L6
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "skia-python"
},
"versions": [
"144.0"
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 138.0"
},
"package": {
"ecosystem": "PyPI",
"name": "skia-python"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "144.0.post1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-1395",
"CWE-787"
],
"github_reviewed": true,
"github_reviewed_at": "2026-03-19T18:10:25Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "### Impact\n\nThe Linux wheels for skia-python vendor a vulnerable version of\nlibfreetype that is affected by CVE-2025-27363 [1].\n\nThe root cause is a chain of unfortunate events:\n\n1. skia-python builds wheels using pinned pypa/cibuildwheel@2.21.3 [2]\n\n2. cibuildwheel 2.21.3 in turn pins manylinux container images [3]\n\n3. In these images, version 2.9.1-9.el8 of RedHat package freetype is\n*preinstalled*. This package version is vulnerable and has since been\npatched in 2.9.1-10.\n\n4. During the skia-python Linux build, libfreetype is vendored from the\nsystem, resulting in skia-python.libs/libfreetype-29a7443c.so.6.16.1\n\n[ To find the provenance of your vendored libfreetype, we extracted the\n8-character hash of the original binary file that is added during the\nbuild process (29a7443c), and matched it against our database of hashes\nall historic Red Hat, Debian and Ubuntu releases of freetype. ]\n\n5. Because freetype is only a *transitive* dependency of the packages\nexplicitly installed by the build script [4], it is not upgraded to the\npatched version [4].\n\n5. As a result, the published wheels embed a vulnerable libfreetype,\neven though patched packages are available upstream.\n\nThis appears to be a broader manylinux ecosystem issue. The base images\ndo not enforce that `yum update` runs on container start, so\npreinstalled libraries may remain vulnerable indefinitely.\n\n\n### Patches\n\n\u003e In the case of skia-python, the solution is to explicitly install freetype in the build process and rebuild the wheels.\n\nThe original report was suggesting the above, but in the current `build_Linux.sh` script, the patched `freetype-devel` version 2.9.1-10 gets installed as a dependency. It\u0027s just that we need to rebuild the wheel for a new release.\n\n### Workarounds\n\nUsers must upgrade the wheel package after release.\n\n### References\n\n1. https://nvd.nist.gov/vuln/detail/CVE-2025-27363\n2. https://github.com/kyamagu/skia-python/blob/9ffb045811f9b5508e152302d5b81aadca6edd8d/.github/workflows/ci.yml#L38\n3. https://github.com/pypa/cibuildwheel/blob/v2.21.3/cibuildwheel/resources/pinned_docker_images.cfg\n4. https://github.com/kyamagu/skia-python/blob/9ffb045811f9b5508e152302d5b81aadca6edd8d/scripts/build_Linux.sh#L6",
"id": "GHSA-2mhw-8qcg-gr96",
"modified": "2026-03-19T18:10:25Z",
"published": "2026-03-19T18:10:25Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/kyamagu/skia-python/security/advisories/GHSA-2mhw-8qcg-gr96"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27363"
},
{
"type": "PACKAGE",
"url": "https://github.com/kyamagu/skia-python"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "skia-python vendors vulnerable libfreetype because of pinned cibuildwheel version"
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.