| CVE编号 | CVE-2025-27363 |
|---|---|
| 发布日期 | 2025-03-11T13:28:31.705Z |
| 更新日期 | 2025-03-11T13:42:09.970Z |
| 状态 | PUBLISHED |
| 受影响的供应商 | FreeType |
| 受影响的产品 | FreeType |
| 描述 | An out of bounds write exists in FreeType versions 2.13.0 and below when attempting to parse font subglyph structures related to TrueType GX and variable font files. The vulnerable code assigns a signed short value to an unsigned long and then adds a static value causing it to wrap around and allocate too small of a heap buffer. The code then writes up to 6 signed long integers out of bounds relative to this buffer. This may result in arbitrary code execution. This vulnerability may have been exploited in the wild. |
参考链接:
