CVE-2025-27363
KEVFreeType Out-of-Bounds Write Vulnerability
8.1
HighPublished:
Last updated:
Source:cve-assign@fb.com
Analyzed
Weakness (CWE)
CVSS Vector
v3.1- Attack Vector
- Network
- Attack Complexity
- High
- Privileges Required
- None
- User Interaction
- None
- Scope
- Unchanged
- Confidentiality
- High
- Integrity
- High
- Availability
- High
Description
An out of bounds write exists in FreeType versions 2.13.0 and below (newer versions of FreeType are not vulnerable) when attempting to parse font subglyph structures related to TrueType GX and variable font files. The vulnerable code assigns a signed short value to an unsigned long and then adds a static value causing it to wrap around and allocate too small of a heap buffer. The code then writes up to 6 signed long integers out of bounds relative to this buffer. This may result in arbitrary code execution. This vulnerability may have been exploited in the wild.
References
cve-assign@fb.com
https://www.facebook.com/security/advisories/cve-2025-27363af854a3a-2127-422b-91ae-364da2661108
http://www.openwall.com/lists/oss-security/2025/03/13/1af854a3a-2127-422b-91ae-364da2661108
http://www.openwall.com/lists/oss-security/2025/03/13/11af854a3a-2127-422b-91ae-364da2661108
http://www.openwall.com/lists/oss-security/2025/03/13/12af854a3a-2127-422b-91ae-364da2661108
http://www.openwall.com/lists/oss-security/2025/03/13/2af854a3a-2127-422b-91ae-364da2661108
http://www.openwall.com/lists/oss-security/2025/03/13/3af854a3a-2127-422b-91ae-364da2661108
http://www.openwall.com/lists/oss-security/2025/03/13/8af854a3a-2127-422b-91ae-364da2661108
http://www.openwall.com/lists/oss-security/2025/03/14/1af854a3a-2127-422b-91ae-364da2661108
http://www.openwall.com/lists/oss-security/2025/03/14/2af854a3a-2127-422b-91ae-364da2661108
http://www.openwall.com/lists/oss-security/2025/03/14/3af854a3a-2127-422b-91ae-364da2661108
http://www.openwall.com/lists/oss-security/2025/03/14/4af854a3a-2127-422b-91ae-364da2661108
http://www.openwall.com/lists/oss-security/2025/05/06/3af854a3a-2127-422b-91ae-364da2661108
http://www.openwall.com/lists/oss-security/2026/04/16/5af854a3a-2127-422b-91ae-364da2661108
http://www.openwall.com/lists/oss-security/2026/04/19/3af854a3a-2127-422b-91ae-364da2661108
https://lists.debian.org/debian-lts-announce/2025/03/msg00030.html134c704f-9b21-4f2e-91b3-4a467353bcc0
https://source.android.com/docs/security/bulletin/2025-05-01134c704f-9b21-4f2e-91b3-4a467353bcc0
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-27363