AI description
CVE-2025-27363 is an out-of-bounds write in FreeType versions 2.13.0 and earlier (later releases are not affected). It is triggered while parsing the subglyph structures of TrueType GX and variable fonts. The vulnerable code assigns a signed short value to an unsigned long and then adds a static value; a negative short sign-extends to a huge value and the addition wraps around, so the heap buffer allocated from the result is far too small. The parser then writes up to 6 signed long integers past the end of that buffer, which can lead to arbitrary code execution. The vulnerability may have been exploited in the wild.
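The description above states the bug class in the abstract: a signed 16-bit count is widened to an unsigned long, a constant is added, the sum wraps, and the allocation sized from it is too small. The C program below is an added illustration written for this page, not FreeType source: the function names, the EXTRA_SLOTS constant and the hostile count are constructed stand-ins for the "signed short plus static value" arithmetic in the advisory, and the simulated parser counts the stores that would land out of bounds instead of performing them, so the program stays memory-safe. The hardened variant shows the two checks a reviewer would expect: reject the negative count before widening it, and guard the element-count-to-byte-size multiplication.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-in for the "static value" the advisory says is added to
 * the count; the real constant and field names in FreeType are not on this page. */
#define EXTRA_SLOTS 4UL

/* Vulnerable pattern (constructed, not FreeType code): a signed 16-bit count
 * read from untrusted font data is assigned to an unsigned long, so a negative
 * value sign-extends to a huge number; adding EXTRA_SLOTS then wraps around to
 * a tiny element count, and the buffer allocated from it is far too small. */
unsigned long vulnerable_slot_count(short count_from_font)
{
    unsigned long n = count_from_font;   /* implicit sign extension on conversion */
    return n + EXTRA_SLOTS;              /* unsigned wrap: (-2) + 4 == 2 */
}

/* Hardened pattern: validate the signed value before widening it, and guard the
 * multiplication that turns an element count into a byte size. */
int hardened_slot_count(short count_from_font, unsigned long *out)
{
    if (count_from_font < 0)
        return -1;                                  /* reject negative counts */
    unsigned long n = (unsigned long)count_from_font + EXTRA_SLOTS;
    if (n > (unsigned long)(SIZE_MAX / sizeof(long)))
        return -1;                                  /* byte size would overflow */
    *out = n;
    return 0;
}

/* Simulates a parser that sizes a buffer from `slots` and then stores `writes`
 * long values into it.  Instead of performing the out-of-bounds stores it
 * counts them, so the demonstration never corrupts memory. */
size_t simulate_oob_writes(unsigned long slots, size_t writes)
{
    long *buf = calloc(slots ? slots : 1, sizeof(long));
    if (!buf)
        return writes;          /* allocation failure: nothing could be stored safely */
    size_t oob = 0;
    for (size_t i = 0; i < writes; i++) {
        if (i < slots)
            buf[i] = (long)i;   /* in bounds */
        else
            oob++;              /* a real parser would write past the end here */
    }
    free(buf);
    return oob;
}

int main(void)
{
    short hostile = -2;         /* constructed hostile count from a font file */
    unsigned long slots = vulnerable_slot_count(hostile);
    printf("vulnerable: count %d -> %lu slots allocated\n", hostile, slots);
    printf("            %zu of 8 stores land out of bounds\n",
           simulate_oob_writes(slots, 8));

    unsigned long safe;
    if (hardened_slot_count(hostile, &safe) != 0)
        printf("hardened:   count %d rejected\n", hostile);
    if (hardened_slot_count(10, &safe) == 0)
        printf("hardened:   count 10 -> %lu slots\n", safe);
    return 0;
}
```

Two caveats matter when hunting this pattern in other parsers. Unsigned wraparound is defined behaviour in C, so `-fsanitize=undefined` stays silent on the addition; only the later store is caught, and only if AddressSanitizer is enabled. The implicit short to unsigned long conversion is what `-Wsign-conversion` (or `-Wconversion` in Clang) flags, which is the cheapest way to find candidate sites before fuzzing them with negative counts.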
- Description
- An out of bounds write exists in FreeType versions 2.13.0 and below (newer versions of FreeType are not vulnerable) when attempting to parse font subglyph structures related to TrueType GX and variable font files. The vulnerable code assigns a signed short value to an unsigned long and then adds a static value causing it to wrap around and allocate too small of a heap buffer. The code then writes up to 6 signed long integers out of bounds relative to this buffer. This may result in arbitrary code execution. This vulnerability may have been exploited in the wild.
- Source
- cve-assign@fb.com
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 8.1
- Impact score
- 5.9
- Exploitability score
- 2.2
- Vector string
- CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
- Source
- 134c704f-9b21-4f2e-91b3-4a467353bcc0
- Weakness
- CWE-787
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
- 8
Urgent security advisory from @Meta 🚨 A high-severity vulnerability (CVE-2025-27363) in the FreeType open-source font rendering library has been identified, with a CVSS score of 8.2 https://t.co/YYXtUtL9sh Cc: @NITDANigeria Cc: @ngCERTofficial https://t.co/Z9HOU0hJRu
@CoyEmerald1
14 Mar 2025
44 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Facebook Warns of FreeType 2 Exploit ⚠️ A critical out-of-bounds write flaw (CVE-2025-27363) in FreeType affects Linux, Android & game engines—leading to code execution! 🚨 Upgrade to FreeType 2.13.3 ASAP to stay safe! https://t.co/SOfcuKtsBc #CyberSecurity #UpdateNow h
@dCypherIO
13 Mar 2025
26 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
csirt_it: ‼️ Active exploitation in the wild detected for vulnerability CVE-2025-27363, affecting the #FreeType font rendering library. Risk: 🔴 Type: 🔸 Arbitrary Code Execution 🔗 https://t.co/XkCCJoB8H0 ⚠ Important to update the so… https://t.co/JLmNOTgrN1
@Vulcanux_
13 Mar 2025
19 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Meta's security team warns of a zero-day vulnerability (CVE-2025-27363) in FreeType affecting versions 2.13.0 and below, risking arbitrary code execution. Update to 2.13.3+! 🛡️ #FreeType #Linux #USA link: https://t.co/NlQNhxBZgf https://t.co/B0lQKsu3g8
@TweetThreatNews
13 Mar 2025
16 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Facebook warns that a #FreeType vulnerability, CVE-2025-27363, affecting all versions up to 2.13, can allow arbitrary code execution. Exploitation of it in attacks has been reported. https://t.co/CGLUWJJ91Z
@cert_ist
13 Mar 2025
37 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
Critical FreeType Bug (CVE-2025-27363) Puts Linux Systems at Risk #cybersecurity #latest #trending #viral https://t.co/ib5JIgV8qj
@cyashadotcom
13 Mar 2025
16 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Rare urgent advisory from @Meta 🚨⚠️ CVE-2025-27363: FreeType flaw risks millions. Remote code execution possible on major platforms. Patch urged as exploitation rises. Severity: 8.2/10. Affects versions pre-2.13.3. Update now! https://t.co/HgpU8XsfgC
@gothburz
13 Mar 2025
22 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🗞️ Facebook Discloses FreeType 2 Vulnerability Actively Exploited in Attacks 🚨 Facebook warns of a critical FreeType 2 flaw (CVE-2025-27363) exploited in attacks, which risks arbitrary code execution on unpatched systems. Update to version 2.13.3 ASAP. Key takeaways: 🕵️♂️
@gossy_84
13 Mar 2025
37 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Meta warns of active exploitation of a critical vulnerability (CVE-2025-27363) in WhatsApp for Android. Update your app urgently to avoid remote attacks. 👇 #ciberseguridad #WhatsApp #Android META ALERTS ABOUT VULNERABILITY…
@C1B3R53CUR1TY
13 Mar 2025
59 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Facebook reveals a critical vulnerability in FreeType 2 that is actively exploited. Information security, software update, CVE-2025-27363, cybersecurity, arbitrary code execution, Facebook, FreeType 2, rce, vulnerability https://t.co/TtRFhVyDRL https://t.co/UkAnyrUBr7
@matricedigitale
13 Mar 2025
53 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
🚨 Meta has alerted users to a critical FreeType vulnerability (CVE-2025-27363) with a CVSS score of 8.1, allowing remote code execution. Affected: FreeType ≤ 2.13.0. Update to 2.13.3! 🛡️ #FreeType #Linux #USA link: https://t.co/tF5cjTmYI0 https://t.co/bzLgxR6DhU
@TweetThreatNews
13 Mar 2025
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Serious security warning! Vulnerability CVE-2025-27363 has been discovered in the FreeType library, leading to arbitrary code execution. The vulnerability is actively exploited and affects Linux and Android systems. ✅ Fix: update immediately to FreeType 2.13.3 to avoid compromise. #cybersecurity #FreeType #security_vulnerabilities https://t.co/PO1pKlH2Ul
@mjbtechtips
13 Mar 2025
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
» CVE-2025-27363 https://t.co/FuPVLOReYl // An out of bounds write exists in #FreeType versions 2.13.0 and below when attempting to parse font subglyph structures related to TrueType GX and variable font files.
@yesonline
13 Mar 2025
29 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Critical Alert: A severe vulnerability (CVE-2025-27363) in the FreeType font library, used by millions, is being actively exploited. This flaw allows RCE, risking numerous systems. Affected platforms include Linux distributions, Android, and iOS. Read:… https://t.co/ZCpElHet
@TheHackersNews
13 Mar 2025
14620 Impressions
63 Retweets
133 Likes
31 Bookmarks
1 Reply
7 Quotes
Meta Warns of FreeType Vulnerability (CVE-2025-27363) With Active Exploitation Risk https://t.co/Y1vWJMDuPf
@DemolisherDigi
13 Mar 2025
12 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
📍Meta Warns of FreeType Vulnerability (CVE-2025-27363) With Active Exploitation Risk https://t.co/kmAI8Tdmgk
@cyberetweet
13 Mar 2025
25 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The Hacker News - Meta Warns of FreeType Vulnerability (CVE-2025-27363) With Active Exploitation Risk https://t.co/Ulgi1cfXiW
@buzz_sec
13 Mar 2025
28 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A dangerous vulnerability has been discovered in FreeType (CVE-2025-27363) that threatens remote code execution. Details https://t.co/EZRn72l8FG https://t.co/YBX3Zj36qx
@KZCERT
13 Mar 2025
66 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-27363: FreeType: Out of bounds write in FreeType <= 2.13.0 https://t.co/70hfcE1oQQ and https://t.co/Ll4hIswvCG Facebook claims this "may have been exploited in the wild."
@oss_security
13 Mar 2025
5838 Impressions
14 Retweets
35 Likes
19 Bookmarks
0 Replies
0 Quotes
Facebook alerts of a FreeType vulnerability (CVE-2025-27363) in versions up to 2.13, permitting arbitrary code execution through font parsing. Users should urgently upgrade to FreeType 2.13.3. #Facebook #Security https://t.co/jEkYPBtQRT
@Strivehawk
12 Mar 2025
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 A critical flaw in FreeType (CVE-2025-27363) exposes millions to remote code execution risks via malicious font files. Patch urgently! High severity score: 8.1. 🌍 #FreeTypeFlaw #OpenSource #Linux link: https://t.co/Mc9qiLHfrC https://t.co/3lKBImC90L
@TweetThreatNews
12 Mar 2025
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-27363: Font Library FreeType Flaw Exploited in the Wild, Millions at Risk https://t.co/K45GTe2E9T
@Dinosn
12 Mar 2025
3021 Impressions
4 Retweets
38 Likes
4 Bookmarks
0 Replies
0 Quotes
CVE-2025-27363: Font Library FreeType Flaw Exploited in the Wild, Millions at Risk CVE-2025-27363 is a significant risk for #FreeType users, with potential remote code execution across popular platforms https://t.co/wyYp6rIr0X
@the_yellow_fall
12 Mar 2025
79 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
Strengthen your digital defences by staying up-to-date on the latest cyber security threats and trends, including CVE-2025-27363, CVE-2025-2194, and CVE-2025-2195.
@centry_agent
11 Mar 2025
49 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-27363 An out of bounds write exists in FreeType versions 2.13.0 and below when attempting to parse font subglyph structures related to TrueType GX and variable font files. … https://t.co/bcjZIOe96s
@CVEnew
11 Mar 2025
353 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes