CVE-2025-27363

Basic Information

CVE State
PUBLISHED
Reserved Date
February 21, 2025
Published Date
March 11, 2025
Last Updated
April 02, 2025
Vendor
FreeType
Product
FreeType
Description
An out-of-bounds write exists in FreeType versions 2.13.0 and below (newer versions of FreeType are not vulnerable) when attempting to parse font subglyph structures related to TrueType GX and variable font files. The vulnerable code assigns a signed short value to an unsigned long and then adds a static value, causing it to wrap around and allocate a heap buffer that is too small. The code then writes up to 6 signed long integers out of bounds relative to this buffer. This may result in arbitrary code execution. This vulnerability may have been exploited in the wild.
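
The size arithmetic described above, as an added example that is not FreeType's code and not part of the original record: it shows how a negative signed short widened to unsigned long wraps to a tiny element count once a constant is added, next to a checked form that rejects the input. The function names, the sample inputs and the constant value 4 are assumptions for illustration; the description only says "a static value".

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed padding constant; the advisory only says "a static value". */
#define EXTRA_SLOTS 4UL

/* Pattern from the description: a signed short is assigned to an unsigned
   long, then a constant is added. A negative input sign-extends to a huge
   value and the addition wraps around to a very small element count. */
static unsigned long wrapped_count(short n_from_file)
{
    unsigned long limit = n_from_file;  /* -1 becomes ULONG_MAX */
    return limit + EXTRA_SLOTS;         /* ULONG_MAX + 4 wraps to 3 */
}

/* Hardened form (hypothetical helper): validate while the value is still
   signed, widen afterwards, and check the byte size before allocating.
   Returns 0 on success, -1 when the input must be rejected. */
static int checked_alloc_size(short n_from_file, size_t elem_size,
                              size_t *bytes_out)
{
    if (n_from_file < 0 || elem_size == 0)
        return -1;
    size_t count = (size_t)n_from_file + EXTRA_SLOTS;
    if (count > SIZE_MAX / elem_size)
        return -1;
    *bytes_out = count * elem_size;
    return 0;
}

int main(void)
{
    short samples[] = { 10, -1, -4, SHRT_MIN };  /* constructed inputs */
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        size_t bytes = 0;
        int rc = checked_alloc_size(samples[i], sizeof(long), &bytes);
        printf("n=%6d  wrapped_count=%lu  checked=%s\n",
               samples[i], wrapped_count(samples[i]),
               rc == 0 ? "ok" : "rejected");
    }
    return 0;
}
```

With the assumed constant, only the inputs -1 through -4 wrap to a small count; other negative values produce an enormous count instead, which is why the check belongs before the widening rather than after it.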

CVSS Scores

CVSS v3.1

8.1 - HIGH

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C/CR:H/IR:H/AR:H/MAV:N/MAC:L/MPR:N/MUI:N/MS:U/MC:H/MI:H/MA:H

SSVC Information

Exploitation
none
Technical Impact
total

Exploit Status

Exploited in the Wild
Yes (added 2025-03-11 00:00:00 UTC)
Proof of Concept Available
Yes (added 2025-03-23 23:30:37 UTC)

Known Exploited Vulnerability Information

Source
CVE
Added Date
2025-03-11 00:00:00 UTC

Potential Proof of Concepts

Warning: These PoCs have not been tested and could contain malware. Use at your own risk.

zhuowei/CVE-2025-27363-proof-of-concept

Type: github • Created: 2025-03-23 23:30:37 UTC • Stars: 6