Логотип exploitDog
bind:CVE-2025-27363
Консоль
Логотип exploitDog

exploitDog

bind:CVE-2025-27363

Количество 16

Количество 16

ubuntu логотип

CVE-2025-27363

5 месяцев назад

An out of bounds write exists in FreeType versions 2.13.0 and below (newer versions of FreeType are not vulnerable) when attempting to parse font subglyph structures related to TrueType GX and variable font files. The vulnerable code assigns a signed short value to an unsigned long and then adds a static value causing it to wrap around and allocate too small of a heap buffer. The code then writes up to 6 signed long integers out of bounds relative to this buffer. This may result in arbitrary code execution. This vulnerability may have been exploited in the wild.

CVSS3: 8.1
EPSS: Высокий
redhat логотип

CVE-2025-27363

5 месяцев назад

An out of bounds write exists in FreeType versions 2.13.0 and below (newer versions of FreeType are not vulnerable) when attempting to parse font subglyph structures related to TrueType GX and variable font files. The vulnerable code assigns a signed short value to an unsigned long and then adds a static value causing it to wrap around and allocate too small of a heap buffer. The code then writes up to 6 signed long integers out of bounds relative to this buffer. This may result in arbitrary code execution. This vulnerability may have been exploited in the wild.

CVSS3: 8.1
EPSS: Высокий
nvd логотип

CVE-2025-27363

5 месяцев назад

An out of bounds write exists in FreeType versions 2.13.0 and below (newer versions of FreeType are not vulnerable) when attempting to parse font subglyph structures related to TrueType GX and variable font files. The vulnerable code assigns a signed short value to an unsigned long and then adds a static value causing it to wrap around and allocate too small of a heap buffer. The code then writes up to 6 signed long integers out of bounds relative to this buffer. This may result in arbitrary code execution. This vulnerability may have been exploited in the wild.

CVSS3: 8.1
EPSS: Высокий
msrc логотип

CVE-2025-27363

5 месяцев назад

CVSS3: 8.1
EPSS: Высокий
debian логотип

CVE-2025-27363

5 месяцев назад

An out of bounds write exists in FreeType versions 2.13.0 and below (n ...

CVSS3: 8.1
EPSS: Высокий
suse-cvrf логотип

SUSE-SU-2025:0998-1

5 месяцев назад

Security update for freetype2

EPSS: Высокий
suse-cvrf логотип

SUSE-SU-2025:0960-1

5 месяцев назад

Security update for freetype2

EPSS: Высокий
rocky логотип

RLSA-2025:3421

9 дней назад

Important: freetype security update

EPSS: Высокий
github логотип

GHSA-g8qj-jv5h-78cp

5 месяцев назад

An out of bounds write exists in FreeType versions 2.13.0 and below when attempting to parse font subglyph structures related to TrueType GX and variable font files. The vulnerable code assigns a signed short value to an unsigned long and then adds a static value causing it to wrap around and allocate too small of a heap buffer. The code then writes up to 6 signed long integers out of bounds relative to this buffer. This may result in arbitrary code execution. This vulnerability may have been exploited in the wild.

CVSS3: 8.1
EPSS: Высокий
oracle-oval логотип

ELSA-2025-3421

4 месяца назад

ELSA-2025-3421: freetype security update (IMPORTANT)

EPSS: Низкий
oracle-oval логотип

ELSA-2025-3407

4 месяца назад

ELSA-2025-3407: freetype security update (IMPORTANT)

EPSS: Низкий
oracle-oval логотип

ELSA-2025-3395

4 месяца назад

ELSA-2025-3395: freetype security update (IMPORTANT)

EPSS: Низкий
fstec логотип

BDU:2025-02719

больше 2 лет назад

Уязвимость библиотеки для растеризации шрифтов FreeType, связанная с чтением за границами буфера в памяти, позволяющая нарушителю выполнить произвольный код

CVSS3: 8.1
EPSS: Высокий
redos логотип

ROS-20250722-03

17 дней назад

Уязвимость FreeType

CVSS3: 8.1
EPSS: Высокий
rocky логотип

RLSA-2025:8292

9 дней назад

Important: mingw-freetype and spice-client-win security update

EPSS: Низкий
oracle-oval логотип

ELSA-2025-8292

2 месяца назад

ELSA-2025-8292: mingw-freetype and spice-client-win security update (IMPORTANT)

EPSS: Низкий

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
ubuntu логотип
CVE-2025-27363

An out of bounds write exists in FreeType versions 2.13.0 and below (newer versions of FreeType are not vulnerable) when attempting to parse font subglyph structures related to TrueType GX and variable font files. The vulnerable code assigns a signed short value to an unsigned long and then adds a static value causing it to wrap around and allocate too small of a heap buffer. The code then writes up to 6 signed long integers out of bounds relative to this buffer. This may result in arbitrary code execution. This vulnerability may have been exploited in the wild.

CVSS3: 8.1
71%
Высокий
5 месяцев назад
redhat логотип
CVE-2025-27363

An out of bounds write exists in FreeType versions 2.13.0 and below (newer versions of FreeType are not vulnerable) when attempting to parse font subglyph structures related to TrueType GX and variable font files. The vulnerable code assigns a signed short value to an unsigned long and then adds a static value causing it to wrap around and allocate too small of a heap buffer. The code then writes up to 6 signed long integers out of bounds relative to this buffer. This may result in arbitrary code execution. This vulnerability may have been exploited in the wild.

CVSS3: 8.1
71%
Высокий
5 месяцев назад
nvd логотип
CVE-2025-27363

An out of bounds write exists in FreeType versions 2.13.0 and below (newer versions of FreeType are not vulnerable) when attempting to parse font subglyph structures related to TrueType GX and variable font files. The vulnerable code assigns a signed short value to an unsigned long and then adds a static value causing it to wrap around and allocate too small of a heap buffer. The code then writes up to 6 signed long integers out of bounds relative to this buffer. This may result in arbitrary code execution. This vulnerability may have been exploited in the wild.

CVSS3: 8.1
71%
Высокий
5 месяцев назад
msrc логотип
CVSS3: 8.1
71%
Высокий
5 месяцев назад
debian логотип
CVE-2025-27363

An out of bounds write exists in FreeType versions 2.13.0 and below (n ...

CVSS3: 8.1
71%
Высокий
5 месяцев назад
suse-cvrf логотип
SUSE-SU-2025:0998-1

Security update for freetype2

71%
Высокий
5 месяцев назад
suse-cvrf логотип
SUSE-SU-2025:0960-1

Security update for freetype2

71%
Высокий
5 месяцев назад
rocky логотип
RLSA-2025:3421

Important: freetype security update

71%
Высокий
9 дней назад
github логотип
GHSA-g8qj-jv5h-78cp

An out of bounds write exists in FreeType versions 2.13.0 and below when attempting to parse font subglyph structures related to TrueType GX and variable font files. The vulnerable code assigns a signed short value to an unsigned long and then adds a static value causing it to wrap around and allocate too small of a heap buffer. The code then writes up to 6 signed long integers out of bounds relative to this buffer. This may result in arbitrary code execution. This vulnerability may have been exploited in the wild.

CVSS3: 8.1
71%
Высокий
5 месяцев назад
oracle-oval логотип
ELSA-2025-3421

ELSA-2025-3421: freetype security update (IMPORTANT)

4 месяца назад
oracle-oval логотип
ELSA-2025-3407

ELSA-2025-3407: freetype security update (IMPORTANT)

4 месяца назад
oracle-oval логотип
ELSA-2025-3395

ELSA-2025-3395: freetype security update (IMPORTANT)

4 месяца назад
fstec логотип
BDU:2025-02719

Уязвимость библиотеки для растеризации шрифтов FreeType, связанная с чтением за границами буфера в памяти, позволяющая нарушителю выполнить произвольный код

CVSS3: 8.1
71%
Высокий
больше 2 лет назад
redos логотип
ROS-20250722-03

Уязвимость FreeType

CVSS3: 8.1
71%
Высокий
17 дней назад
rocky логотип
RLSA-2025:8292

Important: mingw-freetype and spice-client-win security update

9 дней назад
oracle-oval логотип
ELSA-2025-8292

ELSA-2025-8292: mingw-freetype and spice-client-win security update (IMPORTANT)

2 месяца назад

Уязвимостей на страницу