Summary: A critical vulnerability, CVE-2025-27363, has been disclosed in the FreeType font rendering library. It is an out-of-bounds write triggered while parsing font subglyph structures for TrueType GX and variable fonts, and it can lead to remote code execution on millions of devices. The flaw affects FreeType versions 2.13.0 and below and carries a CVSS score of 8.1 (high). It is reachable through a crafted font file, so any application that renders untrusted fonts with a vulnerable FreeType is exposed. Immediate patching is advised, as the vulnerability may already have been exploited in the wild.
Affected: the FreeType library and every operating system or software component that links or bundles it, for example GNU/Linux distributions, Android, and Chromium.
Key points:
- The flaw is an out-of-bounds heap write caused by improper handling of subglyph structures in TrueType GX and variable font files; a crafted font can turn it into remote code execution.
- Potentially impacts millions of devices across various operating systems and mobile platforms.
- Update FreeType to 2.13.1 or later without delay (the affected range is 2.13.0 and below), and rebuild or update any application that ships its own bundled copy of FreeType rather than using the system library.
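The published root cause for this CVE is an integer handling error: a signed short count is assigned to an unsigned long, a constant is added, the sum wraps around, and the resulting heap buffer is far smaller than the up to six signed longs the code then writes into it. The C below is an added illustration of that bug class written for this page; it is not FreeType's code. The HEADER_SLOTS constant and the write count of six are stand-ins chosen to mirror the published description, and the version gate at the end is derived only from the stated affected range (2.13.0 and below).

```c
#include <limits.h>
#include <stdio.h>

/* Hypothetical fixed overhead added to the parsed count before the
 * allocation. Not FreeType's constant; it only needs to be small. */
#define HEADER_SLOTS 4UL

/* Vulnerable pattern: a signed 16-bit count from the font is assigned to
 * an unsigned long and a constant is added. A negative count converts to
 * a value near ULONG_MAX, so the addition wraps to a tiny size. For
 * count == -2: n = ULONG_MAX - 1, n + 4 wraps to 2, i.e. two longs. */
unsigned long vulnerable_alloc_size(short count)
{
    unsigned long n = count;                  /* -2 becomes ULONG_MAX - 1 */
    return (n + HEADER_SLOTS) * sizeof(long); /* wraps to 2 * sizeof(long) */
}

/* Hardened pattern: reject a negative count before it is ever converted,
 * and guard the multiplication so the size cannot wrap either. Returns 0
 * to signal that the font data must be rejected, not clamped. */
unsigned long hardened_alloc_size(short count)
{
    if (count < 0)
        return 0;
    unsigned long n = (unsigned long)count;
    if (n > (ULONG_MAX / sizeof(long)) - HEADER_SLOTS)
        return 0;
    return (n + HEADER_SLOTS) * sizeof(long);
}

/* Returns 1 if a buffer sized by size_fn(count) can hold `writes` longs,
 * 0 if the allocation was rejected or the writes would run off the end. */
int writes_fit(unsigned long (*size_fn)(short), short count, size_t writes)
{
    unsigned long size = size_fn(count);
    return size != 0 && size >= writes * sizeof(long);
}

/* Version gate derived from the affected range 2.13.0 and below:
 * returns 1 if the given FreeType version is affected, 0 otherwise. */
int freetype_version_affected(int major, int minor, int patch)
{
    if (major != 2)
        return major < 2;
    if (minor != 13)
        return minor < 13;
    return patch < 1;
}

int main(void)
{
    /* Constructed sample counts: a benign one and one that wraps. */
    short counts[] = { 5, -2 };
    for (size_t i = 0; i < sizeof counts / sizeof counts[0]; i++) {
        printf("count=%d vulnerable=%lu bytes (6 longs fit: %d) "
               "hardened=%lu bytes (6 longs fit: %d)\n",
               counts[i],
               vulnerable_alloc_size(counts[i]),
               writes_fit(vulnerable_alloc_size, counts[i], 6),
               hardened_alloc_size(counts[i]),
               writes_fit(hardened_alloc_size, counts[i], 6));
    }
    printf("FreeType 2.13.0 affected: %d, 2.13.1 affected: %d\n",
           freetype_version_affected(2, 13, 0),
           freetype_version_affected(2, 13, 1));
    return 0;
}
```

The point of the hardened variant is that the check happens on the signed value, before the conversion, and that a bad count rejects the font instead of being coerced into something allocatable; the same shape applies to any parser that sizes a buffer from a field read out of untrusted input.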