CVE-2025-27363

Description

In load_truetype_glyph of ttgload.c, there is a possible out of bounds write due to an integer overflow. This could lead to local code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

Patch Available

Fix available through Seal Security.  
No upgrade required, protect your application instantly.

Fix without upgrading

Score

8.1

Severity

High

Ecosystem

APK

Publish Date

April 30, 2025

Modified Date

June 15, 2026

Score Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Versions