
CVE-2025-27363:
An out of bounds write exists in FreeType versions 2.13.0 and below when attempting to parse font...

CVSS 3.1 Score: 8.1

Basic Information

EPSS Score: 0.98504%
Published: 3/11/2025
Updated: 5/7/2025
KEV Status: Yes
Technology: -

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Vulnerability Intelligence

Miggo AI Root Cause Analysis

I was unable to fetch the commit information from the provided GitLab URL or the patch file due to access restrictions (bot detection). The available information from security advisories describes the vulnerability's nature (out-of-bounds write due to integer overflow when parsing font subglyph structures in TrueType GX and variable font files) but does not provide specific function names or code snippets. Without access to the code changes, I cannot confidently identify the vulnerable functions or provide evidence from the patch.


WAF Protection Rules

WAF Rule

An out of bounds write exists in FreeType versions 2.13.0 and below when attempting to parse font subglyph structures related to TrueType GX and variable font files. The vulnerable code assigns a signed short value to an unsigned long and then adds a
