{"id":"ASB-A-271680254","details":"In ft_open_face_internal of ftobjs.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-271680254","CVE-2022-27405"],"modified":"2026-05-22T15:55:21.353668239Z","published":"2023-07-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2023-07-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/external/freetype/+/d45f0e49ab54065eb72d92aa3cc5f2152b0910b7"}],"affected":[{"package":{"name":"platform/external/freetype","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"11:0"},{"fixed":"11:2023-07-01"}]}],"versions":["11"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/external/freetype/+/b0f8930701bf19229075cc930ad15813ff5fb07b"],"spl":"2023-07-01","types":["ID"],"vanir_signatures":[{"id":"ASB-A-271680254-57aa9177","signature_type":"Function","source":"https://android.googlesource.com/platform/external/freetype/+/b0f8930701bf19229075cc930ad15813ff5fb07b","signature_version":"v1","digest":{"function_hash":"273794191095029415571540735433697996590","length":1445},"deprecated":false,"target":{"function":"FT_Request_Size","file":"src/base/ftobjs.c"}},{"id":"ASB-A-271680254-5e513610","target":{"file":"src/base/ftobjs.c"},"signature_version":"v1","source":"https://android.googlesource.com/platform/external/freetype/+/b0f8930701bf19229075cc930ad15813ff5fb07b","digest":{"threshold":0.9,"line_hashes":["291292727991274572558975050199969150874","317036238205304435232424104055067117137","116755388619180383490645454328218328511","139585023601765551227564037762443631804","287252210620997460612647761413592587611","265778105458753372634855752333945513311"]},"deprecated":false,"signature_type":"Line"},{"id":"ASB-A-271680254-ffe6e6f0","signature_type":"Function","source":"https://android.googlesource.com/platform/external/freetype/+/b0f8930701bf19229075cc930ad15813ff5fb07b","signature_version":"v1","deprecated":false,"digest":{"function_hash":"121312326407145946817341732961959920737","length":4919},"target":{"function":"ft_open_face_internal","file":"src/base/ftobjs.c"}}],"severity":"High"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-271680254.json"}},{"package":{"name":"platform/external/freetype","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12:0"},{"fixed":"12:2023-07-01"}]}],"versions":["12"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/external/freetype/+/470a3e6a1eae76bb5109cec4b01d0ec1ea57dab7"],"spl":"2023-07-01","types":["ID"],"vanir_signatures":[{"id":"ASB-A-271680254-0de1263b","signature_type":"Function","source":"https://android.googlesource.com/platform/external/freetype/+/470a3e6a1eae76bb5109cec4b01d0ec1ea57dab7","signature_version":"v1","digest":{"function_hash":"183948334972099493898034944722317380673","length":1447},"deprecated":false,"target":{"function":"FT_Request_Size","file":"src/base/ftobjs.c"}},{"id":"ASB-A-271680254-21c8751a","signature_type":"Function","source":"https://android.googlesource.com/platform/external/freetype/+/470a3e6a1eae76bb5109cec4b01d0ec1ea57dab7","signature_version":"v1","deprecated":false,"digest":{"function_hash":"121312326407145946817341732961959920737","length":4919},"target":{"function":"ft_open_face_internal","file":"src/base/ftobjs.c"}},{"id":"ASB-A-271680254-d5686c46","signature_type":"Line","source":"https://android.googlesource.com/platform/external/freetype/+/470a3e6a1eae76bb5109cec4b01d0ec1ea57dab7","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["291292727991274572558975050199969150874","317036238205304435232424104055067117137","116755388619180383490645454328218328511","139585023601765551227564037762443631804","287252210620997460612647761413592587611","265778105458753372634855752333945513311"]},"deprecated":false,"target":{"file":"src/base/ftobjs.c"}}],"severity":"High"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-271680254.json"}},{"package":{"name":"platform/external/freetype","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12L:0"},{"fixed":"12L:2023-07-01"}]}],"versions":["12L"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/external/freetype/+/fa4a08921a89b20389b2e61d8817858d4bca291c"],"types":["ID"],"spl":"2023-07-01","vanir_signatures":[{"id":"ASB-A-271680254-51f0a721","signature_type":"Function","source":"https://android.googlesource.com/platform/external/freetype/+/fa4a08921a89b20389b2e61d8817858d4bca291c","signature_version":"v1","digest":{"function_hash":"183948334972099493898034944722317380673","length":1447},"deprecated":false,"target":{"function":"FT_Request_Size","file":"src/base/ftobjs.c"}},{"id":"ASB-A-271680254-b94e759f","signature_type":"Line","source":"https://android.googlesource.com/platform/external/freetype/+/fa4a08921a89b20389b2e61d8817858d4bca291c","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["291292727991274572558975050199969150874","317036238205304435232424104055067117137","116755388619180383490645454328218328511","139585023601765551227564037762443631804","287252210620997460612647761413592587611","265778105458753372634855752333945513311"]},"deprecated":false,"target":{"file":"src/base/ftobjs.c"}},{"id":"ASB-A-271680254-fd5b8413","signature_type":"Function","source":"https://android.googlesource.com/platform/external/freetype/+/fa4a08921a89b20389b2e61d8817858d4bca291c","signature_version":"v1","deprecated":false,"digest":{"function_hash":"121312326407145946817341732961959920737","length":4919},"target":{"function":"ft_open_face_internal","file":"src/base/ftobjs.c"}}],"severity":"High"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-271680254.json"}},{"package":{"name":"platform/external/freetype","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13:0"},{"fixed":"13:2023-07-01"}]}],"versions":["13"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/external/freetype/+/8abb5b963d8f3bac3224c09edff6dcbbd11bf508"],"severity":"High","types":["ID"],"vanir_signatures":[{"id":"ASB-A-271680254-55aa8618","signature_type":"Line","source":"https://android.googlesource.com/platform/external/freetype/+/8abb5b963d8f3bac3224c09edff6dcbbd11bf508","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["291292727991274572558975050199969150874","317036238205304435232424104055067117137","116755388619180383490645454328218328511","139585023601765551227564037762443631804","287252210620997460612647761413592587611","265778105458753372634855752333945513311"]},"deprecated":false,"target":{"file":"src/base/ftobjs.c"}},{"id":"ASB-A-271680254-55e37d7f","signature_type":"Function","source":"https://android.googlesource.com/platform/external/freetype/+/8abb5b963d8f3bac3224c09edff6dcbbd11bf508","signature_version":"v1","deprecated":false,"digest":{"function_hash":"71647723270484019079235322500524970367","length":1470},"target":{"function":"FT_Request_Size","file":"src/base/ftobjs.c"}},{"id":"ASB-A-271680254-b6552661","signature_type":"Function","source":"https://android.googlesource.com/platform/external/freetype/+/8abb5b963d8f3bac3224c09edff6dcbbd11bf508","signature_version":"v1","digest":{"function_hash":"77387954643045489322937233492881789249","length":4920},"deprecated":false,"target":{"function":"ft_open_face_internal","file":"src/base/ftobjs.c"}}],"spl":"2023-07-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-271680254.json"}}],"schema_version":"1.7.5"}