
Vulnerability Change Records for CVE-2025-27363

Change History

CVE Modified by CISA-ADP 3/11/2025 10:15:25 AM

Action Type: Added CWE
Old Value: (none)
New Value: CWE-787 (Out-of-bounds Write)

New CVE Received from Facebook, Inc. 3/11/2025 10:15:25 AM

Action Type: Added Description
Old Value: (none)
New Value: An out of bounds write exists in FreeType versions 2.13.0 and below when attempting to parse font subglyph structures related to TrueType GX and variable font files. The vulnerable code assigns a signed short value to an unsigned long and then adds a static value causing it to wrap around and allocate too small of a heap buffer. The code then writes up to 6 signed long integers out of bounds relative to this buffer. This may result in arbitrary code execution. This vulnerability may have been exploited in the wild.

Action Type: Added CVSS V3.1
Old Value: (none)
New Value: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H (base score 8.1, High, as computed from this vector)

Action Type: Added Reference
Old Value: (none)
New Value: https://www.facebook.com/security/advisories/cve-2025-27363
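The description above names a specific bug class: a signed short is assigned to an unsigned long, a fixed value is added, the sum wraps, and the heap buffer sized from it is too small for the six longs written afterwards. The following C program is an added illustration of that arithmetic and of the hardened sizing that prevents it; it is not FreeType's code and not part of this NVD record. The function names, the constant of 6 fixed long slots and the record layout are assumptions made for the example, chosen so that the wrap reproduces the "up to 6 longs out of bounds" figure given in the description.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed example of the bug class the CVE text describes. All names,
 * the constant FIXED_LONGS and the record layout are assumptions for this
 * illustration; none of this is FreeType code. */

#define FIXED_LONGS 6u  /* assumed: long slots the parser always writes */

/* Vulnerable sizing: a negative count sign-extends to a huge unsigned long,
 * and adding FIXED_LONGS wraps it back around to a small element count. */
static unsigned long vuln_alloc_size(short count)
{
    unsigned long n = count;                  /* -6 -> ULONG_MAX - 5 */
    return (n + FIXED_LONGS) * sizeof(long);  /* -6 -> 0 bytes */
}

/* How many of the FIXED_LONGS writes land past the vulnerable buffer.
 * Counts -1..-6 give a buffer of 5..0 longs, so 1..6 longs go out of
 * bounds; counts <= -7 wrap to a huge size, so the allocation fails
 * before any write; counts >= 0 always reserve enough room. */
static unsigned oob_longs(short count)
{
    unsigned long bytes = vuln_alloc_size(count);
    if (count >= 0)
        return 0;                             /* holds count + 6 longs */
    if (bytes > FIXED_LONGS * sizeof(long))
        return 0;                             /* huge size: malloc fails */
    return (unsigned)(FIXED_LONGS - bytes / sizeof(long));
}

/* Hardened sizing: reject a negative count before widening it, and refuse
 * any size the addition or multiplication would overflow. Returns the byte
 * count to allocate, or 0 when the count is rejected (a real record is
 * never 0 bytes because FIXED_LONGS slots are always reserved). */
static size_t safe_alloc_size(short count)
{
    if (count < 0)
        return 0;                             /* a count cannot be negative */
    size_t n = (size_t)count;
    if (n > SIZE_MAX - FIXED_LONGS)
        return 0;
    n += FIXED_LONGS;
    if (n > SIZE_MAX / sizeof(long))
        return 0;
    return n * sizeof(long);
}

/* Parse-like helper on the hardened path: returns NULL instead of
 * allocating an undersized record. The caller owns the returned buffer. */
static long *alloc_record(short count)
{
    size_t bytes = safe_alloc_size(count);
    if (bytes == 0)
        return NULL;
    long *rec = calloc(1, bytes);
    if (!rec)
        return NULL;
    for (unsigned i = 0; i < FIXED_LONGS; i++)
        rec[i] = (long)i;                     /* in bounds: bytes >= 6 longs */
    return rec;
}

int main(void)
{
    for (short c = -7; c <= 1; c++)
        printf("count %3d: vulnerable alloc %20lu bytes, %u of %u longs out of bounds\n",
               c, vuln_alloc_size(c), oob_longs(c), FIXED_LONGS);
    long *rec = alloc_record(-3);
    printf("hardened path with count -3: %s\n", rec ? "allocated" : "rejected");
    free(rec);
    return 0;
}
```

The point to take from the vulnerable path is that the wrap only produces a short buffer for a narrow window of counts (here -1 to -6), which is why the description says "up to 6" longs are written out of bounds; any more negative value wraps to an allocation that simply fails. The hardened path closes the whole class by checking the sign before the widening conversion, not after it.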