💻 Meta warns of FreeType vulnerability (CVE-2025-27363) with active exploitation risk

chushpan

👉 Meta has warned that a security vulnerability affecting the open-source font rendering library FreeType could be exploited in the wild.

📰 The vulnerability has been assigned the CVE identifier CVE-2025-27363 and a CVSS score of 8.1, indicating a high severity rating. Described as an out-of-bounds write flaw, it could be used to execute remote code when parsing certain font files.

🗞 “FreeType versions 2.13.0 and below experience an out-of-bounds write when attempting to parse font subglyph structures related to TrueType GX font files and variables”, the company said in a statement.

📰 “The vulnerable code assigns a signed short value to an unsigned long, then adds a static value, causing it to wrap and allocate a heap buffer that is too small. The code then writes up to 6 signed long integers that exceed the bounds of that buffer. This could lead to arbitrary code execution”.

📌 The company did not provide any details on how exactly the flaw is exploited, who is behind it, or the scale of the attacks. However, it acknowledged that the bug “could be exploited in the wild”.
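The advisory's description of the bug class (a signed short converted to an unsigned long, a constant added, the sum wrapping to a too-small allocation) is a generic integer-conversion hazard, so here is an added C illustration of it beside a hardened form. This is example code written for this post, not FreeType's code: the field name `num_subglyphs`, the constant `EXTRA_ELEMS` standing in for the "static value", and the sample input are all assumptions, and nothing here performs the out-of-bounds write itself.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Stand-in for the "static value" the advisory says is added; the real
 * constant in FreeType is not given on the page, so 2 is an assumption. */
#define EXTRA_ELEMS 2UL

/* Unsafe pattern (the bug class the advisory describes):
 * a negative signed short is converted to unsigned long, becoming a huge
 * value, and the addition wraps around to a small element count. */
size_t unsafe_elem_count(short num_subglyphs)
{
    unsigned long count = num_subglyphs;   /* implicit signed -> unsigned */
    count += EXTRA_ELEMS;                  /* wraps when count is near ULONG_MAX */
    return (size_t)count;
}

/* Hardened form: refuse negative counts and check the arithmetic before
 * it happens.  Returns 0 to signal rejection (a valid count is never 0
 * because EXTRA_ELEMS is always added). */
size_t safe_elem_count(short num_subglyphs)
{
    if (num_subglyphs < 0)
        return 0;
    size_t count = (size_t)num_subglyphs;
    /* make sure count + EXTRA_ELEMS longs still fits in size_t bytes */
    if (count > SIZE_MAX / sizeof(long) - EXTRA_ELEMS)
        return 0;
    return count + EXTRA_ELEMS;
}

/* Would writing `writes` longs into a buffer of `count` longs stay in bounds? */
int write_fits(size_t count, size_t writes)
{
    return writes <= count;
}

int main(void)
{
    /* constructed value standing in for a field read from an untrusted font file */
    short from_font = -1;
    size_t bad  = unsafe_elem_count(from_font);
    size_t good = safe_elem_count(from_font);

    printf("unsafe count: %zu longs, 6 writes fit: %s\n",
           bad, write_fits(bad, 6) ? "yes" : "no");
    printf("safe count:   %zu (0 = input rejected)\n", good);
    return 0;
}
```

With the sample input the unsafe path yields an element count of 1, so a buffer allocated from it cannot hold the six longs the advisory says are written; the hardened path rejects the negative count before any allocation happens. The practical takeaway for defenders is the check itself: validate signedness and the full sum before sizing a heap buffer from file-controlled values, and compile parsers with `-fsanitize=undefined,address` in test builds so conversions like this surface early.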