ASB-A-399065987

Import Source
https://storage.googleapis.com/android-osv-test/ASB-A-399065987.json
JSON Data
https://api.test.osv.dev/v1/vulns/ASB-A-399065987
Aliases
Published
2025-05-01T00:00:00Z
Modified
2025-08-07T04:57:18.548805Z
Summary
[none]
Details

In load_truetype_glyph of ttgload.c, there is a possible out-of-bounds write due to an integer overflow. This could lead to local code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android / platform/external/freetype

Affected ranges

Type
ECOSYSTEM
Events
Introduced
13:0
Fixed
13:2025-05-01

Affected versions

Other

13

Ecosystem specific

{
    "vanir_signatures": [
        {
            "id": "ASB-A-399065987-7b8cf838",
            "deprecated": false,
            "signature_version": "v1",
            "source": "https://googleplex-android.googlesource.com/platform/external/freetype/+/40b754307a3bda35de3f57d1564bdd08f023e996",
            "signature_type": "Function",
            "digest": {
                "function_hash": "225190713166141230578321329351953741461",
                "length": 10349.0
            },
            "target": {
                "file": "src/truetype/ttgload.c",
                "function": "load_truetype_glyph"
            }
        },
        {
            "id": "ASB-A-399065987-e4196305",
            "deprecated": false,
            "signature_version": "v1",
            "source": "https://googleplex-android.googlesource.com/platform/external/freetype/+/40b754307a3bda35de3f57d1564bdd08f023e996",
            "signature_type": "Line",
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "333475916782916309588617377258648724449",
                    "235177191989644712162751845123556359763",
                    "60518446496987002611507789322922328315"
                ]
            },
            "target": {
                "file": "src/truetype/ttgload.c"
            }
        }
    ],
    "spl": "2025-05-01",
    "types": [
        "RCE"
    ],
    "fixes": [
        "https://googleplex-android.googlesource.com/platform/external/freetype/+/40b754307a3bda35de3f57d1564bdd08f023e996"
    ],
    "severity": "High"
}

Android / platform/external/freetype

Affected ranges

Type
ECOSYSTEM
Events
Introduced
14:0
Fixed
14:2025-05-01

Affected versions

Other

14

Ecosystem specific

{
    "vanir_signatures": [
        {
            "id": "ASB-A-399065987-ad7021eb",
            "deprecated": false,
            "signature_version": "v1",
            "source": "https://googleplex-android.googlesource.com/platform/external/freetype/+/ceced76be559da8ae785486d886640a8d4512570",
            "signature_type": "Function",
            "digest": {
                "function_hash": "61957178567273213693116448186191381440",
                "length": 8364.0
            },
            "target": {
                "file": "src/truetype/ttgload.c",
                "function": "load_truetype_glyph"
            }
        },
        {
            "id": "ASB-A-399065987-bfba10b6",
            "deprecated": false,
            "signature_version": "v1",
            "source": "https://googleplex-android.googlesource.com/platform/external/freetype/+/ceced76be559da8ae785486d886640a8d4512570",
            "signature_type": "Line",
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "333140853705563940961478831892238738928",
                    "293942058795230179263012129296380034494",
                    "39022404963389122489798277493243381652",
                    "326251341313527316179703666102928341445",
                    "317105884907683953830538731236123687976",
                    "4459362778992060743540400679110315862",
                    "150562665197059195501090039964244656401",
                    "99044997563367436051340451110925177478",
                    "119166656742416527625793997299504231259",
                    "61963418961756769430189428306093038318",
                    "36962234592264992096275238002846959418",
                    "101298716410258248578310522822269914846",
                    "219196763445562557191724519479563831142",
                    "188219497632085217181722192215184332914",
                    "122352562764734387455017072619121291343",
                    "285313611100477805560129740727456770161",
                    "58252443220094800575185844020996665918",
                    "159439947472210289121424372861910760698",
                    "67975039025293037966966157399381845640",
                    "262738380276182599997963206937947649951",
                    "242243720720063396892284453526258217951",
                    "141519637840562842742844174259330840979",
                    "274603002243299022612668932806410032369",
                    "3793496258247554550353827442885372153",
                    "211824759099054451558177119030834043672",
                    "162496643958825658019709349977198686729",
                    "328175071022938272242518594817917035387",
                    "95828790601521475302892128147075563325",
                    "149944573050376106926978485717523951005",
                    "59872551178448620498708917948417189880",
                    "243186840415714802218081437233467808289",
                    "256255164651525122206873262559677657826",
                    "90981036306045706095012401451938735856",
                    "136573112709524408349503359825364506406",
                    "132915345861389874001567380797887230874",
                    "36093336117704041854096560972662841448",
                    "268350804939509140180186479478637966206",
                    "19426575818939863495856394936356669705",
                    "326973640902969858385848124426069826442",
                    "212149378433334313028123485516890511615",
                    "182463207169066589890024814829213280780",
                    "131838429188234796006676105098569422911"
                ]
            },
            "target": {
                "file": "src/truetype/ttgload.c"
            }
        }
    ],
    "spl": "2025-05-01",
    "types": [
        "RCE"
    ],
    "fixes": [
        "https://googleplex-android.googlesource.com/platform/external/freetype/+/ceced76be559da8ae785486d886640a8d4512570"
    ],
    "severity": "High"
}