CVE-2025-27363

Опубликовано: 11 мар. 2025

Источник: ubuntu

Приоритет: medium

EPSS Высокий

CVSS3: 8.1

Описание

An out of bounds write exists in FreeType versions 2.13.0 and below (newer versions of FreeType are not vulnerable) when attempting to parse font subglyph structures related to TrueType GX and variable font files. The vulnerable code assigns a signed short value to an unsigned long and then adds a static value causing it to wrap around and allocate too small of a heap buffer. The code then writes up to 6 signed long integers out of bounds relative to this buffer. This may result in arbitrary code execution. This vulnerability may have been exploited in the wild.

Релиз	Статус	Примечание
devel	not-affected	2.13.3+dfsg-1
esm-infra-legacy/trusty	not-affected	code not present
esm-infra/bionic	released	2.8.1-2ubuntu2.2+esm1
esm-infra/focal	not-affected	2.10.1-2ubuntu0.4
esm-infra/xenial	released	2.6.1-0.1ubuntu2.5+esm2
focal	released	2.10.1-2ubuntu0.4
jammy	released	2.11.1+dfsg-1ubuntu0.3
noble	not-affected	2.13.2+dfsg-1build3
oracular	not-affected	2.13.3+dfsg-1
upstream	released	2.13.1

Показывать по

Ссылки на источники

EPSS

Процентиль: 99%

0.73011

Высокий

8.1 High

CVSS3

Связанные уязвимости

CVE-2025-27363

CVSS3: 8.1

redhat

3 месяца назад

CVE-2025-27363

CVSS3: 8.1

nvd

3 месяца назад

CVE-2025-27363

CVSS3: 8.1

msrc

3 месяца назад

Описание отсутствует

CVE-2025-27363

CVSS3: 8.1

debian

3 месяца назад

An out of bounds write exists in FreeType versions 2.13.0 and below (n ...

SUSE-SU-2025:0998-1

suse-cvrf

3 месяца назад

Security update for freetype2

EPSS

Процентиль: 99%

0.73011

Высокий

8.1 High

CVSS3

CVE-2025-27363

Описание

Пакет freetype

Ссылки на источники

Связанные уязвимости