Thursday, March 13, 2025

Meta Warns of FreeType Vulnerability (CVE-2025-27363) With Possible Active Exploitation


Meta has warned that a security vulnerability affecting the FreeType open-source font rendering library may have been exploited in the wild.

The vulnerability has been assigned the CVE identifier CVE-2025-27363 and carries a CVSS score of 8.1, indicating high severity. Described as an out-of-bounds write flaw, it could be exploited to achieve remote code execution when parsing certain font files.

“An out-of-bounds write exists in FreeType versions 2.13.0 and below when attempting to parse font subglyph structures related to TrueType GX and variable font files,” the company said in an advisory.

“The vulnerable code assigns a signed short value to an unsigned long and then adds a static value causing it to wrap around and allocate too small of a heap buffer. The code then writes up to 6 signed long integers out of bounds relative to this buffer. This may result in arbitrary code execution.”
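The integer-wraparound pattern the advisory describes is easy to reproduce in isolation. The following C program is an added illustration of that bug class, not FreeType's code: the constant EXTRA_SLOTS, the function names and the sample counts are invented for the example. It shows how a negative signed short sign-extends when assigned to an unsigned long, how adding a small static value then wraps the sum to a tiny number, and how a sizing function that rejects negative counts before widening avoids the undersized allocation.

```c
#include <stdio.h>
#include <stdlib.h>

/*
 * Illustrative reproduction of the bug class in the advisory (not FreeType
 * source): a signed short is assigned to an unsigned long, a static value is
 * added, and the wrapped result is used as a heap allocation size.
 * EXTRA_SLOTS is a hypothetical constant chosen for the example.
 */
#define EXTRA_SLOTS 3UL

/* Vulnerable sizing: a negative count sign-extends, then wraps on the add. */
unsigned long vuln_slot_count(short count)
{
    unsigned long n = count;   /* -3 becomes 0xFFFF...FFFD after sign extension */
    n += EXTRA_SLOTS;          /* 0xFFFF...FFFD + 3 wraps around to 0 */
    return n;
}

/* Bytes the vulnerable sizing yields for a buffer of longs. */
unsigned long vuln_buffer_bytes(short count)
{
    return vuln_slot_count(count) * sizeof(long);
}

/* Hardened sizing: refuse negative counts before widening the type.
 * Returns 1 and stores the slot count on success, 0 for malformed input.
 * With count <= 32767 the addition cannot wrap. */
int safe_slot_count(short count, unsigned long *out)
{
    if (count < 0)
        return 0;
    *out = (unsigned long)count + EXTRA_SLOTS;
    return 1;
}

int main(void)
{
    /* Constructed sample counts as a font parser might read them from a file. */
    short counts[] = { 4, 0, -2, -3 };
    size_t i;
    for (i = 0; i < sizeof counts / sizeof counts[0]; i++) {
        unsigned long safe = 0;
        printf("count=%3d  vulnerable size=%3lu bytes  hardened: %s\n",
               counts[i], vuln_buffer_bytes(counts[i]),
               safe_slot_count(counts[i], &safe) ? "accepted" : "rejected");
    }

    /* The wrapped size is still a legal malloc() argument, so allocation
     * succeeds silently; any later store of a long into buf would then be a
     * heap overflow. The overflowing write is deliberately not performed here. */
    long *buf = malloc(vuln_buffer_bytes(-3));
    printf("malloc(%lu) returned %s\n", vuln_buffer_bytes(-3),
           buf ? "a pointer" : "NULL");
    free(buf);
    return 0;
}
```

The lesson for reviewers of parsing code is that the dangerous step is the widening assignment, not the addition: once the negative value has become a huge unsigned number, any later bounds arithmetic on it is meaningless, so the sign check has to happen on the narrow signed value first.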


The company did not share any specifics on how the flaw is being exploited, who is behind it, or the scale of the attacks. However, it said that the bug “may have been exploited in the wild.”


When reached for comment, FreeType developer Werner Lemberg told The Hacker News that a fix for the vulnerability has been included for almost two years. “FreeType versions greater than 2.13.0 are no longer affected,” Lemberg said.

In a separate message posted on the Open Source Security mailing list oss-security, it has come to light that several Linux distributions are shipping an outdated version of the library, leaving them vulnerable to the flaw. These include:

  • AlmaLinux
  • Alpine Linux
  • Amazon Linux 2
  • Debian stable / Devuan
  • RHEL / CentOS Stream / Alma Linux / etc. 8 and 9
  • GNU Guix
  • Mageia
  • OpenMandriva
  • openSUSE Leap
  • Slackware, and
  • Ubuntu 22.04

Given the reported exploitation, users are advised to update their installations to the latest version of FreeType (2.13.3) for optimal protection.
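A quick way to see whether a host is in the affected range is to ask the installed library for its version and compare it against 2.13.0. The POSIX shell script below is an added example, not part of the article or the FreeType project; it assumes GNU sort -V for version-aware ordering and uses pkg-config, which FreeType installs a freetype2.pc file for. The function names are chosen for the example.

```sh
#!/bin/sh
# Added example (not from the article or FreeType): compare a FreeType
# version string against the affected range (2.13.0 and below) and report
# on the library installed locally. Assumes GNU sort with -V.

# ft_affected VERSION -> exit 0 if VERSION is 2.13.0 or older
ft_affected() {
    # Sort the candidate together with the last affected release; if 2.13.0
    # sorts last (or ties), the candidate is at or below it.
    last=$(printf '%s\n%s\n' "$1" "2.13.0" | sort -V | tail -n 1)
    [ "$last" = "2.13.0" ]
}

# installed_ft_version -> prints the version pkg-config reports, if any
installed_ft_version() {
    pkg-config --modversion freetype2 2>/dev/null
}

# check_local_freetype -> 0 if newer than 2.13.0, 1 if affected, 2 if unknown
check_local_freetype() {
    v=$(installed_ft_version) || {
        echo "freetype2 not found via pkg-config; inspect the package manager instead"
        return 2
    }
    if ft_affected "$v"; then
        echo "FreeType $v is in the affected range (<= 2.13.0); check your distribution's advisory"
        return 1
    fi
    echo "FreeType $v is newer than 2.13.0"
    return 0
}

# Report on this machine when run directly. The trailing '|| :' keeps a
# negative result from aborting callers that run under 'set -e'.
check_local_freetype || :
```

Treat the version string as a first signal only. Distributions often backport the fix into an older version number (Debian and RHEL package versions carry their own suffixes), and a self-built or bundled FreeType inside an application is invisible to pkg-config, so confirm against the distribution's advisory for CVE-2025-27363 and the package changelog rather than relying on the bare version.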
