{"id":"ASB-A-271680254","details":"In ft_open_face_internal of ftobjs.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-271680254","CVE-2022-27405"],"modified":"2026-03-11T06:28:37.296578Z","published":"2023-07-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2023-07-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/external/freetype/+/d45f0e49ab54065eb72d92aa3cc5f2152b0910b7"}],"affected":[{"package":{"name":"platform/external/freetype","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"11:0"},{"fixed":"11:2023-07-01"}]}],"versions":["11"],"ecosystem_specific":{"severity":"High","vanir_signatures":[{"deprecated":false,"id":"ASB-A-271680254-57aa9177","signature_type":"Function","source":"https://android.googlesource.com/platform/external/freetype/+/b0f8930701bf19229075cc930ad15813ff5fb07b","signature_version":"v1","target":{"function":"FT_Request_Size","file":"src/base/ftobjs.c"},"digest":{"function_hash":"273794191095029415571540735433697996590","length":1445}},{"deprecated":false,"id":"ASB-A-271680254-5e513610","signature_type":"Line","source":"https://android.googlesource.com/platform/external/freetype/+/b0f8930701bf19229075cc930ad15813ff5fb07b","signature_version":"v1","target":{"file":"src/base/ftobjs.c"},"digest":{"line_hashes":["291292727991274572558975050199969150874","317036238205304435232424104055067117137","116755388619180383490645454328218328511","139585023601765551227564037762443631804","287252210620997460612647761413592587611","265778105458753372634855752333945513311"],"threshold":0.9}},{"deprecated":false,"id":"ASB-A-271680254-ffe6e6f0","signature_type":"Function","source":"https://android.googlesource.com/platform/external/freetype/+/b0f8930701bf19229075cc930ad15813ff5fb07b","signature_version":"v1","target":{"function":"ft_open_face_internal","file":"src/base/ftobjs.c"},"digest":{"function_hash":"121312326407145946817341732961959920737","length":4919}}],"types":["ID"],"spl":"2023-07-01","fixes":["https://android.googlesource.com/platform/external/freetype/+/b0f8930701bf19229075cc930ad15813ff5fb07b"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv-test/ASB-A-271680254.json"}},{"package":{"name":"platform/external/freetype","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12:0"},{"fixed":"12:2023-07-01"}]}],"versions":["12"],"ecosystem_specific":{"severity":"High","vanir_signatures":[{"deprecated":false,"id":"ASB-A-271680254-0de1263b","signature_type":"Function","source":"https://android.googlesource.com/platform/external/freetype/+/470a3e6a1eae76bb5109cec4b01d0ec1ea57dab7","signature_version":"v1","target":{"function":"FT_Request_Size","file":"src/base/ftobjs.c"},"digest":{"function_hash":"183948334972099493898034944722317380673","length":1447}},{"deprecated":false,"id":"ASB-A-271680254-21c8751a","signature_type":"Function","source":"https://android.googlesource.com/platform/external/freetype/+/470a3e6a1eae76bb5109cec4b01d0ec1ea57dab7","signature_version":"v1","target":{"function":"ft_open_face_internal","file":"src/base/ftobjs.c"},"digest":{"function_hash":"121312326407145946817341732961959920737","length":4919}},{"deprecated":false,"id":"ASB-A-271680254-d5686c46","signature_type":"Line","source":"https://android.googlesource.com/platform/external/freetype/+/470a3e6a1eae76bb5109cec4b01d0ec1ea57dab7","signature_version":"v1","target":{"file":"src/base/ftobjs.c"},"digest":{"line_hashes":["291292727991274572558975050199969150874","317036238205304435232424104055067117137","116755388619180383490645454328218328511","139585023601765551227564037762443631804","287252210620997460612647761413592587611","265778105458753372634855752333945513311"],"threshold":0.9}}],"types":["ID"],"spl":"2023-07-01","fixes":["https://android.googlesource.com/platform/external/freetype/+/470a3e6a1eae76bb5109cec4b01d0ec1ea57dab7"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv-test/ASB-A-271680254.json"}},{"package":{"name":"platform/external/freetype","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12L:0"},{"fixed":"12L:2023-07-01"}]}],"versions":["12L"],"ecosystem_specific":{"severity":"High","vanir_signatures":[{"deprecated":false,"id":"ASB-A-271680254-51f0a721","signature_type":"Function","source":"https://android.googlesource.com/platform/external/freetype/+/fa4a08921a89b20389b2e61d8817858d4bca291c","signature_version":"v1","target":{"function":"FT_Request_Size","file":"src/base/ftobjs.c"},"digest":{"function_hash":"183948334972099493898034944722317380673","length":1447}},{"deprecated":false,"id":"ASB-A-271680254-b94e759f","signature_type":"Line","source":"https://android.googlesource.com/platform/external/freetype/+/fa4a08921a89b20389b2e61d8817858d4bca291c","signature_version":"v1","target":{"file":"src/base/ftobjs.c"},"digest":{"line_hashes":["291292727991274572558975050199969150874","317036238205304435232424104055067117137","116755388619180383490645454328218328511","139585023601765551227564037762443631804","287252210620997460612647761413592587611","265778105458753372634855752333945513311"],"threshold":0.9}},{"deprecated":false,"id":"ASB-A-271680254-fd5b8413","signature_type":"Function","source":"https://android.googlesource.com/platform/external/freetype/+/fa4a08921a89b20389b2e61d8817858d4bca291c","signature_version":"v1","target":{"function":"ft_open_face_internal","file":"src/base/ftobjs.c"},"digest":{"function_hash":"121312326407145946817341732961959920737","length":4919}}],"types":["ID"],"spl":"2023-07-01","fixes":["https://android.googlesource.com/platform/external/freetype/+/fa4a08921a89b20389b2e61d8817858d4bca291c"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv-test/ASB-A-271680254.json"}},{"package":{"name":"platform/external/freetype","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13:0"},{"fixed":"13:2023-07-01"}]}],"versions":["13"],"ecosystem_specific":{"severity":"High","vanir_signatures":[{"deprecated":false,"id":"ASB-A-271680254-55aa8618","signature_type":"Line","source":"https://android.googlesource.com/platform/external/freetype/+/8abb5b963d8f3bac3224c09edff6dcbbd11bf508","signature_version":"v1","target":{"file":"src/base/ftobjs.c"},"digest":{"line_hashes":["291292727991274572558975050199969150874","317036238205304435232424104055067117137","116755388619180383490645454328218328511","139585023601765551227564037762443631804","287252210620997460612647761413592587611","265778105458753372634855752333945513311"],"threshold":0.9}},{"deprecated":false,"id":"ASB-A-271680254-55e37d7f","signature_type":"Function","source":"https://android.googlesource.com/platform/external/freetype/+/8abb5b963d8f3bac3224c09edff6dcbbd11bf508","signature_version":"v1","target":{"function":"FT_Request_Size","file":"src/base/ftobjs.c"},"digest":{"function_hash":"71647723270484019079235322500524970367","length":1470}},{"deprecated":false,"id":"ASB-A-271680254-b6552661","signature_type":"Function","source":"https://android.googlesource.com/platform/external/freetype/+/8abb5b963d8f3bac3224c09edff6dcbbd11bf508","signature_version":"v1","target":{"function":"ft_open_face_internal","file":"src/base/ftobjs.c"},"digest":{"function_hash":"77387954643045489322937233492881789249","length":4920}}],"types":["ID"],"spl":"2023-07-01","fixes":["https://android.googlesource.com/platform/external/freetype/+/8abb5b963d8f3bac3224c09edff6dcbbd11bf508"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv-test/ASB-A-271680254.json"}}],"schema_version":"1.7.5"}