By using this site, you agree to the Privacy Policy and Terms of Use.
Accept
Viral Trending contentViral Trending content
  • Home
  • World News
  • Politics
  • Sports
  • Celebrity
  • Business
  • Crypto
  • Gaming News
  • Tech News
  • Travel
Reading: Facebook discloses FreeType 2 flaw exploited in attacks
Notification Show More
Viral Trending contentViral Trending content
  • Home
  • Categories
    • World News
    • Politics
    • Sports
    • Celebrity
    • Business
    • Crypto
    • Tech News
    • Gaming News
    • Travel
  • Bookmarks
© 2024 All Rights reserved | Powered by Viraltrendingcontent
Viral Trending content > Blog > Tech News > Facebook discloses FreeType 2 flaw exploited in attacks
Tech News

Facebook discloses FreeType 2 flaw exploited in attacks

By admin 3 Min Read
Share
SHARE

Facebook is warning that a FreeType vulnerability in all versions up to 2.13 can lead to arbitrary code execution, with reports that the flaw has been exploited in attacks.

FreeType is a popular open-source font rendering library used to display text and programmatically add text to images. It provides functionality to load, rasterize, and render fonts in various formats, such as TrueType (TTF), OpenType (OTF), and others.

The library is installed in millions of systems and services, including Linux, Android, game engines, GUI frameworks, and online platforms.

The vulnerability, tracked under CVE-2025-27363 and given a CVSS v3 severity score of 8.1 (“high”), was fixed in FreeType version 2.13.0 on February 9th, 2023.

Facebook disclosed the flaw yesterday, warning that the vulnerability is exploitable in all versions of FreeType up to version 2.13 and that there are reports of it actively being exploited in attacks.

“An out of bounds write exists in FreeType versions 2.13.0 and below when attempting to parse font subglyph structures related to TrueType GX and variable font files,” reads the bulletin.

“The vulnerable code assigns a signed short value to an unsigned long and then adds a static value causing it to wrap around and allocate too small of a heap buffer.”

“The code then writes up to 6 signed long integers out of bounds relative to this buffer. This may result in arbitrary code execution.”

Facebook may rely on FreeType in some capacity, but it is unclear if the attacks seen by its security team took place on its platform or if they discovered them elsewhere.

Considering the widespread use of FreeType across multiple platforms, software developers and project administrators must upgrade to FreeType 2.13.3 (latest version) as soon as possible.

Although the latest vulnerable version (2.13.0) dates two years, older library versions can persist in software projects for extended periods, making it important to address the flaw as soon as possible.

BleepingComputer asked Meta about the flaw and how it was exploited, and was sent the following statement.

“We report security bugs in open source software when we find them because it strengthens online security for everyone,” Facebook told BleepingComputer.

“We think users expect us to keep working on ways to improve security. We remain vigilant and committed to protecting people’s private communications.”

Red Report 2025

Based on an analysis of 14M malicious actions, discover the top 10 MITRE ATT&CK techniques behind 93% of attacks and how to defend against them.

You Might Also Like

How Gemini CLI 0.9 Enhances Productivity for Developers

Android 16 Security Measures: Identity Check and Advanced Protection

White House Staffers Couldn’t Care Less About the East Wing Demolition

CISA warns of Lanscope Endpoint Manager flaw exploited in attacks

North Korean Hackers Lure Defense Engineers With Fake Jobs to Steal Drone Secrets

TAGGED: #Facebook, Actively Exploited, Code Execution, FreeType, Vulnerability
Share This Article
Facebook Twitter Copy Link
Previous Article Eagles, Chiefs’ opposing strategies among 6 takeaways from early NFL free agency
Next Article How a Government Shutdown Would Help Elon Musk
Leave a comment

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

- Advertisement -
Ad image

Latest News

Spain loses €45 billion to absenteeism crisis
Business
Crypto M&A surges 30-fold as niche firms shift to mainstream
Business
Pave Bank raises $39M led by Accel, Tether to expand programmable banking
Crypto
‘9-1-1: Nashville’s Isabelle Tate’s Neuromuscular Disease: Her Health Before She Died at 23
Celebrity
Sonic Team Works on Roadmaps to Decide Which Game to Make in Which Year
Gaming News
How Gemini CLI 0.9 Enhances Productivity for Developers
Tech News
Arsenal star Oleksandr Zinchenko in tears as he's forced off injured for Nottingham Forest
Sports

About Us

Welcome to Viraltrendingcontent, your go-to source for the latest updates on world news, politics, sports, celebrity, tech, travel, gaming, crypto news, and business news. We are dedicated to providing you with accurate, timely, and engaging content from around the globe.

Quick Links

  • Home
  • World News
  • Politics
  • Celebrity
  • Business
  • Home
  • World News
  • Politics
  • Sports
  • Celebrity
  • Business
  • Crypto
  • Gaming News
  • Tech News
  • Travel
  • Sports
  • Crypto
  • Tech News
  • Gaming News
  • Travel

Trending News

cageside seats

Unlocking the Ultimate WWE Experience: Cageside Seats News 2024

Spain loses €45 billion to absenteeism crisis

Investing £5 a day could help me build a second income of £329 a month!

cageside seats
Unlocking the Ultimate WWE Experience: Cageside Seats News 2024
May 22, 2024
Spain loses €45 billion to absenteeism crisis
October 23, 2025
Investing £5 a day could help me build a second income of £329 a month!
March 27, 2024
Brussels unveils plans for a European Degree but struggles to explain why
March 27, 2024
© 2024 All Rights reserved | Powered by Vraltrendingcontent
  • About Us
  • Contact US
  • Disclaimer
  • Privacy Policy
  • Terms of Service
Welcome Back!

Sign in to your account

Lost your password?