ASB-A-399065987 — Vulnetix

ASB-A-399065987 PUBLISHED CVSS 8.600000381469727 HIGH

In load_truetype_glyph of ttgload.c, there is a possible out of bounds write due to an integer overflow. This could lead to local code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

Risk Scores

CVSS v4.0

8.600000381469727

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Products

Vendor	Product	Versions
platform	external/freetype	13, ,

Timeline

May 1, 2025 CVE Published
May 15, 2026 CVE Updated

References

https://source.android.com/security/bulletin/2025-05-01 advisory
https://android.googlesource.com/platform/external/freetype/+/f9c146bda91f441b7bebac4387e46ae40caaf3b1 patch

Open in Interactive Console →