{"id":"ASB-A-271680254","details":"In ft_open_face_internal of ftobjs.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-271680254","CVE-2022-27405"],"modified":"2026-03-11T06:28:37.296578Z","published":"2023-07-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2023-07-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/external/freetype/+/d45f0e49ab54065eb72d92aa3cc5f2152b0910b7"}],"affected":[{"package":{"name":"platform/external/freetype","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"11:0"},{"fixed":"11:2023-07-01"}]}],"versions":["11"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/external/freetype/+/b0f8930701bf19229075cc930ad15813ff5fb07b"],"vanir_signatures":[{"target":{"function":"FT_Request_Size","file":"src/base/ftobjs.c"},"id":"ASB-A-271680254-57aa9177","deprecated":false,"digest":{"length":1445,"function_hash":"273794191095029415571540735433697996590"},"signature_version":"v1","signature_type":"Function","source":"https://android.googlesource.com/platform/external/freetype/+/b0f8930701bf19229075cc930ad15813ff5fb07b"},{"target":{"file":"src/base/ftobjs.c"},"id":"ASB-A-271680254-5e513610","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["291292727991274572558975050199969150874","317036238205304435232424104055067117137","116755388619180383490645454328218328511","139585023601765551227564037762443631804","287252210620997460612647761413592587611","265778105458753372634855752333945513311"]},"signature_version":"v1","signature_type":"Line","source":"https://android.googlesource.com/platform/external/freetype/+/b0f8930701bf19229075cc930ad15813ff5fb07b"},{"target":{"function":"ft_open_face_internal","file":"src/base/ftobjs.c"},"id":"ASB-A-271680254-ffe6e6f0","deprecated":false,"digest":{"length":4919,"function_hash":"121312326407145946817341732961959920737"},"signature_version":"v1","signature_type":"Function","source":"https://android.googlesource.com/platform/external/freetype/+/b0f8930701bf19229075cc930ad15813ff5fb07b"}],"spl":"2023-07-01","types":["ID"],"severity":"High"},"database_specific":{"source":"https://storage.googleapis.com/android-osv-test/ASB-A-271680254.json"}},{"package":{"name":"platform/external/freetype","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12:0"},{"fixed":"12:2023-07-01"}]}],"versions":["12"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/external/freetype/+/470a3e6a1eae76bb5109cec4b01d0ec1ea57dab7"],"vanir_signatures":[{"target":{"function":"FT_Request_Size","file":"src/base/ftobjs.c"},"id":"ASB-A-271680254-0de1263b","deprecated":false,"digest":{"length":1447,"function_hash":"183948334972099493898034944722317380673"},"signature_version":"v1","signature_type":"Function","source":"https://android.googlesource.com/platform/external/freetype/+/470a3e6a1eae76bb5109cec4b01d0ec1ea57dab7"},{"target":{"function":"ft_open_face_internal","file":"src/base/ftobjs.c"},"id":"ASB-A-271680254-21c8751a","deprecated":false,"digest":{"length":4919,"function_hash":"121312326407145946817341732961959920737"},"signature_version":"v1","signature_type":"Function","source":"https://android.googlesource.com/platform/external/freetype/+/470a3e6a1eae76bb5109cec4b01d0ec1ea57dab7"},{"target":{"file":"src/base/ftobjs.c"},"id":"ASB-A-271680254-d5686c46","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["291292727991274572558975050199969150874","317036238205304435232424104055067117137","116755388619180383490645454328218328511","139585023601765551227564037762443631804","287252210620997460612647761413592587611","265778105458753372634855752333945513311"]},"signature_version":"v1","signature_type":"Line","source":"https://android.googlesource.com/platform/external/freetype/+/470a3e6a1eae76bb5109cec4b01d0ec1ea57dab7"}],"spl":"2023-07-01","types":["ID"],"severity":"High"},"database_specific":{"source":"https://storage.googleapis.com/android-osv-test/ASB-A-271680254.json"}},{"package":{"name":"platform/external/freetype","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12L:0"},{"fixed":"12L:2023-07-01"}]}],"versions":["12L"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/external/freetype/+/fa4a08921a89b20389b2e61d8817858d4bca291c"],"vanir_signatures":[{"target":{"function":"FT_Request_Size","file":"src/base/ftobjs.c"},"id":"ASB-A-271680254-51f0a721","deprecated":false,"digest":{"length":1447,"function_hash":"183948334972099493898034944722317380673"},"signature_version":"v1","signature_type":"Function","source":"https://android.googlesource.com/platform/external/freetype/+/fa4a08921a89b20389b2e61d8817858d4bca291c"},{"target":{"file":"src/base/ftobjs.c"},"id":"ASB-A-271680254-b94e759f","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["291292727991274572558975050199969150874","317036238205304435232424104055067117137","116755388619180383490645454328218328511","139585023601765551227564037762443631804","287252210620997460612647761413592587611","265778105458753372634855752333945513311"]},"signature_version":"v1","signature_type":"Line","source":"https://android.googlesource.com/platform/external/freetype/+/fa4a08921a89b20389b2e61d8817858d4bca291c"},{"target":{"function":"ft_open_face_internal","file":"src/base/ftobjs.c"},"id":"ASB-A-271680254-fd5b8413","deprecated":false,"digest":{"length":4919,"function_hash":"121312326407145946817341732961959920737"},"signature_version":"v1","signature_type":"Function","source":"https://android.googlesource.com/platform/external/freetype/+/fa4a08921a89b20389b2e61d8817858d4bca291c"}],"spl":"2023-07-01","types":["ID"],"severity":"High"},"database_specific":{"source":"https://storage.googleapis.com/android-osv-test/ASB-A-271680254.json"}},{"package":{"name":"platform/external/freetype","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13:0"},{"fixed":"13:2023-07-01"}]}],"versions":["13"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/external/freetype/+/8abb5b963d8f3bac3224c09edff6dcbbd11bf508"],"vanir_signatures":[{"target":{"file":"src/base/ftobjs.c"},"id":"ASB-A-271680254-55aa8618","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["291292727991274572558975050199969150874","317036238205304435232424104055067117137","116755388619180383490645454328218328511","139585023601765551227564037762443631804","287252210620997460612647761413592587611","265778105458753372634855752333945513311"]},"signature_version":"v1","signature_type":"Line","source":"https://android.googlesource.com/platform/external/freetype/+/8abb5b963d8f3bac3224c09edff6dcbbd11bf508"},{"target":{"function":"FT_Request_Size","file":"src/base/ftobjs.c"},"id":"ASB-A-271680254-55e37d7f","deprecated":false,"digest":{"length":1470,"function_hash":"71647723270484019079235322500524970367"},"signature_version":"v1","signature_type":"Function","source":"https://android.googlesource.com/platform/external/freetype/+/8abb5b963d8f3bac3224c09edff6dcbbd11bf508"},{"target":{"function":"ft_open_face_internal","file":"src/base/ftobjs.c"},"id":"ASB-A-271680254-b6552661","deprecated":false,"digest":{"length":4920,"function_hash":"77387954643045489322937233492881789249"},"signature_version":"v1","signature_type":"Function","source":"https://android.googlesource.com/platform/external/freetype/+/8abb5b963d8f3bac3224c09edff6dcbbd11bf508"}],"spl":"2023-07-01","types":["ID"],"severity":"High"},"database_specific":{"source":"https://storage.googleapis.com/android-osv-test/ASB-A-271680254.json"}}],"schema_version":"1.7.5"}