CVE-2025-27363
| CVE ID | CVE-2025-27363 |
|---|---|
| CVSS Score | 8.1 |
| Operating System | |
| Affected Versions | |
| Patched Versions | freetype-2.8-14_ol001.el7.1 |
| Patch Date | |
| Last Updated Date | |
| Vector String | |
Additional Information
OL CVE Issue Summary:
A flaw was found in FreeType. In affected versions, an out-of-bounds write condition may be triggered when attempting to parse font subglyph structures related to TrueType GX and variable font files. The vulnerable code assigns a signed short value to an unsigned long and then adds a static value, causing it to wrap around and allocate a heap buffer that is too small. The code then writes up to 6 signed long integers out of bounds relative to this buffer.
This issue could result in arbitrary code execution or other undefined behavior.
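The size computation described in the summary, shown beside a checked form, as an added example that is not FreeType's code or part of the original advisory. The function names and the `EXTRA_SLOTS` value are assumptions; the advisory says only that "a static value" is added.

```c
#include <stdio.h>

/* Assumed constant: the advisory does not give the static value. */
#define EXTRA_SLOTS 4UL

/* Flawed pattern from the summary: a signed short read from the font is
 * assigned to an unsigned long, then a constant is added. A negative
 * count sign-extends to a value near ULONG_MAX, and the addition wraps
 * to a very small element count. */
unsigned long flawed_slot_count(short parsed_count)
{
    unsigned long n = (unsigned long)parsed_count;
    return n + EXTRA_SLOTS;
}

/* Checked pattern: reject negative counts while the value is still
 * signed, so the conversion and addition cannot wrap.
 * Returns 0 and stores the count in *out, or -1 if the input is rejected. */
int checked_slot_count(short parsed_count, unsigned long *out)
{
    if (parsed_count < 0)
        return -1;
    *out = (unsigned long)parsed_count + EXTRA_SLOTS;
    return 0;
}

int main(void)
{
    /* Constructed sample counts, not taken from a real font file. */
    short samples[] = { 10, -1, -3, -4 };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        unsigned long safe = 0;
        int rc = checked_slot_count(samples[i], &safe);
        printf("count=%d flawed_slots=%lu checked=%s\n",
               samples[i], flawed_slot_count(samples[i]),
               rc == 0 ? "accepted" : "rejected");
    }
    return 0;
}
```

A buffer sized from the flawed result for a negative count holds only a few elements, or none, which is the undersized heap allocation the summary describes.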