{"id":2910,"date":"2025-05-05T06:32:53","date_gmt":"2025-05-05T06:32:53","guid":{"rendered":"http:\/\/localhost\/?p=2910"},"modified":"2025-05-05T06:32:53","modified_gmt":"2025-05-05T06:32:53","slug":"security-bulletin-freetype-versions-2130-and-below-may-lead-to-remote-code-execution-for-ibm-storage","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=2910","title":{"rendered":"Security Bulletin: FreeType versions 2.13.0 and below may lead to remote code execution for IBM Storage Virtualize vSphere Remote Plug-in (CVE-2025-27363)"},"content":{"rendered":"
\n

Vulnerability Details<\/h2>\n
\n

Basic Information<\/h3>\n\n\n\n\n\n\n
Title<\/th>\nSecurity Bulletin: FreeType versions 2.13.0 and below may lead to remote code execution for IBM Storage Virtualize vSphere Remote Plug-in (CVE-2025-27363)<\/td>\n<\/tr>\n
Type<\/th>\nibm<\/td>\n<\/tr>\n
Published<\/th>\n2025-05-05T06:34:06<\/td>\n<\/tr>\n
Last Seen<\/th>\n2025-05-05T10:56:45<\/td>\n<\/tr>\n
CVSS Score<\/th>\n8.1 (HIGH)<\/td>\n<\/tr>\n<\/table><\/div>\n
\n

CVSS v3 Details<\/h3>\n\n\n\n\n\n\n\n\n\n
Attack Vector<\/th>\nNETWORK<\/td>\n<\/tr>\n
Attack Complexity<\/th>\nHIGH<\/td>\n<\/tr>\n
Privileges Required<\/th>\nNONE<\/td>\n<\/tr>\n
User Interaction<\/th>\nNONE<\/td>\n<\/tr>\n
Scope<\/th>\nUNCHANGED<\/td>\n<\/tr>\n
Confidentiality Impact<\/th>\nHIGH<\/td>\n<\/tr>\n
Integrity Impact<\/th>\nHIGH<\/td>\n<\/tr>\n
Availability Impact<\/th>\nHIGH<\/td>\n<\/tr>\n<\/table><\/div>\n
\n

CVE Information<\/h3>\n\n\n\n\n
CVE IDs<\/th>\nCVE-2025-27363<\/td>\n<\/tr>\n
CWE<\/th>\n<\/td>\n<\/tr>\n
Bulletin Family<\/th>\nsoftware<\/td>\n<\/tr>\n<\/table><\/div>\n
\n

Description<\/h3>\n
\n ## Summary<\/p>\n

IBM Storage Virtualize vSphere Remote Plug-in virtual appliance runs an NGINX container built on a Debian-based image that uses a vulnerable version of the FreeType library (2.13.0 or earlier). This version is affected by CVE-2025-27363, a critical vulnerability that may allow remote code execution through malicious font rendering. To mitigate potential exploitation risks, it is strongly recommended to upgrade to the latest IBM Storage Virtualize vSphere Remote Plug-in 2.0.0.2<\/p>\n

## Vulnerability Details<\/p>\n

**CVEID:**CVE-2025-27363
\n**DESCRIPTION:** An out of bounds write exists in FreeType versions 2.13.0 and below (newer versions of FreeType are not vulnerable) when attempting to parse font subglyph structures related to TrueType GX and variable font files. The vulnerable code assigns a signed short value to an unsigned long and then adds a static value causing it to wrap around and allocate too small of a heap buffer. The code then writes up to 6 signed long integers out of bounds relative to this buffer. This may result in arbitrary code execution. This vulnerability may have been exploited in the wild.
\n**CWE:**CWE-787: Out-of-bounds Write
\n**CVSS Source:** cve-assign@fb.com
\n**CVSS Base score:** 8.1
\n**CVSS Vector:**(CVSS:3.1\/AV:N\/AC:H\/PR:N\/UI:N\/S:U\/C:H\/I:H\/A:H)<\/p>\n

## Affected Products and Versions<\/p>\n

**Affected Product(s)**| **Version(s)**
\n—|—
\nIBM Storage Virtualize vSphere Remote Plug-in| 1.0.0.0 \/ 1.1.0.0 \/ 1.1.1.0 \/ 1.1.1.1
\nIBM Storage Virtualize vSphere Remote Plug-in| 1.2.0.0
\nIBM Storage Virtualize vSphere Remote Plug-in| 1.3.0.0
\nIBM Storage Virtualize vSphere Remote Plug-in| 2.0.0.0 \/ 2.0.0.1 <\/p>\n

## Remediation\/Fixes<\/p>\n

IBM strongly recommends addressing the vulnerability now.
\nNote: Download the IBM Storage Virtualize Plugin for vSphere 2.0.0.2 OVA or plugin upgrade package from Fix Central.
\nIBM\u00ae Fix Central<\/p>\n

**Product(s)**| **Version(s) number and\/or range**| **Remediation\/Fix\/Instructions**
\n—|—|—
\nIBM Storage Virtualize vSphere Remote Plug-in| 1.0.0.0 \/ 1.1.0.0 \/ 1.1.1.0 \/ 1.1.1.1| IBM recommends to fix this vulnerability by upgrading IBM Storage Virtualize vSphere Remote Plug-in to 2.0.0.2
\nIBM Storage Virtualize vSphere Remote Plug-in| 1.2.0.0| IBM recommends to fix this vulnerability by upgrading IBM Storage Virtualize vSphere Remote Plug-in to 2.0.0.2
\nIBM Storage Virtualize vSphere Remote Plug-in| 1.3.0.0| IBM recommends to fix this vulnerability by upgrading IBM Storage Virtualize vSphere Remote Plug-in to 2.0.0.2
\nIBM Storage Virtualize vSphere Remote Plug-in| 2.0.0.0 \/ 2.0.0.1| IBM recommends to fix this vulnerability by upgrading IBM Storage Virtualize vSphere Remote Plug-in to 2.0.0.2 <\/p>\n

## Workarounds and Mitigations<\/p>\n

None<\/p>\n

##\n <\/p><\/div>\n<\/p><\/div>\n

\n

Impact Assessment<\/h3>\n\n\n\n
Base Score<\/th>\n8.1<\/td>\n<\/tr>\n
Severity<\/th>\nHIGH<\/td>\n<\/tr>\n<\/table><\/div>\n
\n

View full CVE details<\/a><\/p>\n<\/p><\/div>\n<\/div>\n