CVE-2025-27363
CVE-2025-27363 affects FreeType versions 2.13.0 and earlier, with an out-of-bounds write when parsing font subglyphs for TrueType GX and variable fonts. The vulnerable code writes up to 6 signed long integers past a too-small heap buffer after an incorrect cast, potentially enabling arbitrary cod...
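The size miscalculation behind this kind of bug, shown beside a checked version, as an added example that is not FreeType's code. It assumes the incorrect cast is a signed 16-bit count from the font converted to `unsigned long` before a fixed number of slots is added; `EXTRA_SLOTS` and all function names are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed constant: fixed slots added on top of the count read from
 * the font. An assumption for this example, not a value from FreeType. */
#define EXTRA_SLOTS 4UL

/* Unchecked sizing: a negative count converts to a huge unsigned value,
 * and adding the constant wraps it around to a tiny element count. */
unsigned long slots_unchecked(int16_t count_from_font)
{
    unsigned long n = (unsigned long)count_from_font; /* -1 -> ULONG_MAX */
    return n + EXTRA_SLOTS;                           /* wraps to 3 */
}

/* Checked sizing: reject the negative count before any conversion.
 * Returns 0 and stores the element count on success, -1 on rejection. */
int slots_checked(int16_t count_from_font, unsigned long *out)
{
    if (count_from_font < 0)
        return -1;
    *out = (unsigned long)count_from_font + EXTRA_SLOTS;
    return 0;
}

/* Allocate the buffer of longs only when the count passed validation.
 * Returns NULL for a rejected count or a failed allocation. */
long *alloc_slots(int16_t count_from_font, unsigned long *n_out)
{
    if (slots_checked(count_from_font, n_out) != 0)
        return NULL;
    return calloc(*n_out, sizeof(long));
}

int main(void)
{
    unsigned long n = 0;
    long *buf = alloc_slots(-1, &n);  /* constructed malformed count */
    printf("unchecked(-1) = %lu slots\n", slots_unchecked(-1));
    printf("checked(-1)   = %s\n", buf ? "allocated" : "rejected");
    free(buf);
    return 0;
}
```

The unchecked path turns a count of -1 into a 3-element allocation, so any later code that trusts the original count writes outside the buffer; the checked path refuses the font data before allocating.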