By using this site, you agree to the Privacy Policy and Terms of Use.
Accept
Viral Trending contentViral Trending content
  • Home
  • World News
  • Politics
  • Sports
  • Celebrity
  • Business
  • Crypto
  • Gaming News
  • Tech News
  • Travel
Reading: Facebook discloses FreeType 2 flaw exploited in attacks
Notification Show More
Viral Trending contentViral Trending content
  • Home
  • Categories
    • World News
    • Politics
    • Sports
    • Celebrity
    • Business
    • Crypto
    • Tech News
    • Gaming News
    • Travel
  • Bookmarks
© 2024 All Rights reserved | Powered by Viraltrendingcontent
Viral Trending content > Blog > Tech News > Facebook discloses FreeType 2 flaw exploited in attacks
Tech News

Facebook discloses FreeType 2 flaw exploited in attacks

By admin 3 Min Read
Share
SHARE

Facebook is warning that a FreeType vulnerability in all versions up to 2.13 can lead to arbitrary code execution, with reports that the flaw has been exploited in attacks.

FreeType is a popular open-source font rendering library used to display text and programmatically add text to images. It provides functionality to load, rasterize, and render fonts in various formats, such as TrueType (TTF), OpenType (OTF), and others.

The library is installed in millions of systems and services, including Linux, Android, game engines, GUI frameworks, and online platforms.

The vulnerability, tracked under CVE-2025-27363 and given a CVSS v3 severity score of 8.1 (“high”), was fixed in FreeType version 2.13.0 on February 9th, 2023.

Facebook disclosed the flaw yesterday, warning that the vulnerability is exploitable in all versions of FreeType up to version 2.13 and that there are reports of it actively being exploited in attacks.

“An out of bounds write exists in FreeType versions 2.13.0 and below when attempting to parse font subglyph structures related to TrueType GX and variable font files,” reads the bulletin.

“The vulnerable code assigns a signed short value to an unsigned long and then adds a static value causing it to wrap around and allocate too small of a heap buffer.”

“The code then writes up to 6 signed long integers out of bounds relative to this buffer. This may result in arbitrary code execution.”

Facebook may rely on FreeType in some capacity, but it is unclear if the attacks seen by its security team took place on its platform or if they discovered them elsewhere.

Considering the widespread use of FreeType across multiple platforms, software developers and project administrators must upgrade to FreeType 2.13.3 (latest version) as soon as possible.

Although the latest vulnerable version (2.13.0) dates two years, older library versions can persist in software projects for extended periods, making it important to address the flaw as soon as possible.

BleepingComputer asked Meta about the flaw and how it was exploited, and was sent the following statement.

“We report security bugs in open source software when we find them because it strengthens online security for everyone,” Facebook told BleepingComputer.

“We think users expect us to keep working on ways to improve security. We remain vigilant and committed to protecting people’s private communications.”

Red Report 2025

Based on an analysis of 14M malicious actions, discover the top 10 MITRE ATT&CK techniques behind 93% of attacks and how to defend against them.

You Might Also Like

8 Ireland-based women in cybersecurity you should know about

How Gemini CLI 0.9 Enhances Productivity for Developers

Android 16 Security Measures: Identity Check and Advanced Protection

White House Staffers Couldn’t Care Less About the East Wing Demolition

CISA warns of Lanscope Endpoint Manager flaw exploited in attacks

TAGGED: #Facebook, Actively Exploited, Code Execution, FreeType, Vulnerability
Share This Article
Facebook Twitter Copy Link
Previous Article Eagles, Chiefs’ opposing strategies among 6 takeaways from early NFL free agency
Next Article How a Government Shutdown Would Help Elon Musk
Leave a comment

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

- Advertisement -
Ad image

Latest News

One Nation, One Workforce: Govt plans integrated system to ensure social-security portability for all workers
Business
Kraken revenue jumps 114% in Q3 amid expansion and IPO plans
Crypto
How on earth has the ITV share price fallen by 75%?
Business
Details Of Ripple-Evernorth Deal Remain Blurry: How Much XRP Is Really Being Bought?
Crypto
Trump completely demolishes the historic East Wing of the White House
World News
8 Ireland-based women in cybersecurity you should know about
Tech News
Two Russian military aircraft enter NATO member Lithuania’s airspace, military says
World News

About Us

Welcome to Viraltrendingcontent, your go-to source for the latest updates on world news, politics, sports, celebrity, tech, travel, gaming, crypto news, and business news. We are dedicated to providing you with accurate, timely, and engaging content from around the globe.

Quick Links

  • Home
  • World News
  • Politics
  • Celebrity
  • Business
  • Home
  • World News
  • Politics
  • Sports
  • Celebrity
  • Business
  • Crypto
  • Gaming News
  • Tech News
  • Travel
  • Sports
  • Crypto
  • Tech News
  • Gaming News
  • Travel

Trending News

cageside seats

Unlocking the Ultimate WWE Experience: Cageside Seats News 2024

One Nation, One Workforce: Govt plans integrated system to ensure social-security portability for all workers

Investing £5 a day could help me build a second income of £329 a month!

cageside seats
Unlocking the Ultimate WWE Experience: Cageside Seats News 2024
May 22, 2024
One Nation, One Workforce: Govt plans integrated system to ensure social-security portability for all workers
October 23, 2025
Investing £5 a day could help me build a second income of £329 a month!
March 27, 2024
Brussels unveils plans for a European Degree but struggles to explain why
March 27, 2024
© 2024 All Rights reserved | Powered by Vraltrendingcontent
  • About Us
  • Contact US
  • Disclaimer
  • Privacy Policy
  • Terms of Service
Welcome Back!

Sign in to your account

Lost your password?