Known Exploited Vulnerabilities CVE-2025-27363

FreeType contains an out-of-bounds write vulnerability when attempting to parse font subglyph structures related to TrueType GX and variable font files that may allow for arbitrary code execution.

Mappings

| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
|---|---|---|---|---|---|
| CVE-2025-27363 | FreeType Out-of-Bounds Write Vulnerability | primary_impact | T1574 | Hijack Execution Flow | An out-of-bounds write exists in FreeType that has been exploited through malicious font files, causing the application to crash. |
| CVE-2025-27363 | FreeType Out-of-Bounds Write Vulnerability | secondary_impact | T1499.004 | Application or System Exploitation | An out-of-bounds write exists in FreeType that has been exploited through malicious font files, causing the application to crash. |
| CVE-2025-27363 | FreeType Out-of-Bounds Write Vulnerability | exploitation_technique | T1204.002 | Malicious File | An out-of-bounds write exists in FreeType that has been exploited through malicious font files, causing the application to crash. |