{"id":"ASB-A-278221085", "published":"2023-08-01T00:00:00Z", "modified":"2026-04-30T15:48:46.890647439Z", "aliases":["CVE-2023-21287", "A-278221085"], "details":"In multiple locations, there is a possible code execution due to type confusion. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.", "affected":[{"package":{"name":"platform/external/freetype", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"13-next:0"}, {"fixed":"13-next:2023-08-01"}]}], "versions":["13-next"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/external/freetype/+/9fe9411db4b7e715a39c0ccf48d1e0328f1d8e7c"], "severity":"High", "spl":"2023-08-01", "types":["RCE"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["334792182543929480383440716937799893058", "258180257979657888350280028259896639725", "162873756723190507393669055507779684841", "46595232233250072927193949654513017078", "272178452951171809466574156662523219664", "184040358191020242891585524322019043909", "201902892614878104016616455250943266200", "58116092668386983557237258348900550654", "314742669992965541050907643155907195962", "269037478919253106111773954805548860918", "132606668397991821099485138946836119193", "85798172646676082148869581285880396856", "313241533159674775445034787998539497966", "1702406214559525605452880513779145223", "199524786906517706386491048471307433389", "244412500514859629925283842199272197854", "141485887009303778048742366721876386819", "198254654977650575592595565550431883686", "235532050970349007933153649556969467390"], "threshold":0.9}, "id":"ASB-A-278221085-0e17fd46", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/freetype/+/9fe9411db4b7e715a39c0ccf48d1e0328f1d8e7c", "target":{"file":"src/truetype/ttgxvar.c"}}, {"deprecated":false, "digest":{"function_hash":"275961431145319746177993265208892136201", "length":179}, "id":"ASB-A-278221085-0e36c93c", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/freetype/+/9fe9411db4b7e715a39c0ccf48d1e0328f1d8e7c", "target":{"file":"src/cff/cffdrivr.c", "function":"cff_hadvance_adjust"}}, {"deprecated":false, "digest":{"function_hash":"249598027901333960597508316317891499060", "length":118}, "id":"ASB-A-278221085-16f39339", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/freetype/+/9fe9411db4b7e715a39c0ccf48d1e0328f1d8e7c", "target":{"file":"include/freetype/internal/services/svmetric.h", "function":"FT_DEFINE_SERVICE"}}, {"deprecated":false, "digest":{"function_hash":"9456583633648978651740109474523600534", "length":960}, "id":"ASB-A-278221085-1ac5fdc1", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/freetype/+/9fe9411db4b7e715a39c0ccf48d1e0328f1d8e7c", "target":{"file":"src/truetype/ttdriver.c", "function":"tt_size_request"}}, {"deprecated":false, "digest":{"function_hash":"148175383397407037714474165627486780750", "length":1652}, "id":"ASB-A-278221085-20c7df57", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/freetype/+/9fe9411db4b7e715a39c0ccf48d1e0328f1d8e7c", "target":{"file":"src/sfnt/ttmtx.c", "function":"tt_face_get_metrics"}}, {"deprecated":false, "digest":{"line_hashes":["271018400289492168480657586631924571605", "47980938256891677620463507522175434331", "91860444426558735843155908422331519678", "114452616478814496600868803167381234656", "186860925533507239104254014649215818390"], "threshold":0.9}, "id":"ASB-A-278221085-264de371", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/freetype/+/9fe9411db4b7e715a39c0ccf48d1e0328f1d8e7c", "target":{"file":"src/truetype/ttobjs.h"}}, {"deprecated":false, "digest":{"function_hash":"123045549037101827569735007574624967734", "length":1538}, "id":"ASB-A-278221085-281a0356", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/freetype/+/9fe9411db4b7e715a39c0ccf48d1e0328f1d8e7c", "target":{"file":"src/truetype/ttgxvar.c", "function":"tt_apply_mvar"}}, {"deprecated":false, "digest":{"function_hash":"162742855798609433160547144877211288790", "length":1666}, "id":"ASB-A-278221085-2f9755de", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/freetype/+/9fe9411db4b7e715a39c0ccf48d1e0328f1d8e7c", "target":{"file":"src/truetype/ttobjs.c", "function":"tt_size_reset"}}, {"deprecated":false, "digest":{"line_hashes":["142455527820653412637995401532131440830", "99223605339911174262060758638054984662", "62709435095233081217464535688965412750", "228548069913936001005013816411843732507", "270894420811975680686069622533655428063", "48611576887173368830505257140691372944", "270666697925186130573574840092058686100", "232597752811959308048352319443009590919", "58327959179351350088176176809816885219", "180036002856009077810244268636340414327", "141695042590046758349931373652105577326", "93467927163614722088236419520647648086"], "threshold":0.9}, "id":"ASB-A-278221085-336e9f42", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/freetype/+/9fe9411db4b7e715a39c0ccf48d1e0328f1d8e7c", "target":{"file":"src/truetype/ttdriver.c"}}, {"deprecated":false, "digest":{"line_hashes":["92146378544959654129926153872084855672", "1244993000954360939936853836940065996", "120474719402437532038662275034226908459", "265237110642790622442040763721839883538", "177931016078659183251321549671899286972", "56493700042344581941982348874379733984", "111122059958307931023452388734435779685", "203201286658882250113608287763722769537", "41422401828202668456852466930616516303", "187881253971505185268273314321540188065", "123893267482446322915664113495671124456", "119718679961544607600473201275050186369", "103507506984622232731982071420080754136", "122641027020872925616559869609730920660", "116736462881943566500977891363907860958"], "threshold":0.9}, "id":"ASB-A-278221085-383e6990", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/freetype/+/9fe9411db4b7e715a39c0ccf48d1e0328f1d8e7c", "target":{"file":"include/freetype/internal/services/svmetric.h"}}, {"deprecated":false, "digest":{"line_hashes":["211697671371983483483785119230112883122", "107682397806034071154203099293264964696", "105075367703697981847583111626303645081", "250589613235295337338691888089462395612", "114895822878809041809898479558939759418", "246182975565044923442245398736972641978", "84669694739250341810861787056391004749", "186458982164017147861189905784142438511", "255234090706586638471732830952458642187", "38838630131735764104028388081754217930", "294460125689047709227368746692590674216", "65198391171962393365560510918913859248", "9454597740667725887371277006017793539", "73778831416091997670219177731358760051", "301332748125160266412351074844355357770", "206301406410951534653770759630593399694", "131704830143067660642002683442498941224", "185643162513272524190276791354510739890", "218917174893028901860545679643033092387", "246179179911096275612601743232528185743", "16693534828498574785380493890311263343"], "threshold":0.9}, "id":"ASB-A-278221085-4c17ae7b", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/freetype/+/9fe9411db4b7e715a39c0ccf48d1e0328f1d8e7c", "target":{"file":"src/truetype/ttobjs.c"}}, {"deprecated":false, "digest":{"function_hash":"191388122419455094564735931318090671525", "length":458}, "id":"ASB-A-278221085-6a699ec2", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/freetype/+/9fe9411db4b7e715a39c0ccf48d1e0328f1d8e7c", "target":{"file":"src/truetype/ttdriver.c", "function":"tt_size_select"}}, {"deprecated":false, "digest":{"function_hash":"275439749154069934326616399763829364387", "length":10108}, "id":"ASB-A-278221085-6b0924bb", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/freetype/+/9fe9411db4b7e715a39c0ccf48d1e0328f1d8e7c", "target":{"file":"src/cff/cffobjs.c", "function":"cff_face_init"}}, {"deprecated":false, "digest":{"line_hashes":["159704397783914659247322987605829329382", "12283751844868956727631642734607246720", "186268454761236019163515415303883073054", "19221572895774122230902721227951660256", "20020337565319798254968340705799518763", "187282161862936677128960735077132448120", "271393463880424899821245180176575203619", "219460479510803134620874433549808254546", "271739285475041500207352120016413028238", "167711708708847057319474804568801109467"], "threshold":0.9}, "id":"ASB-A-278221085-95ea6962", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/freetype/+/9fe9411db4b7e715a39c0ccf48d1e0328f1d8e7c", "target":{"file":"src/sfnt/sfobjs.c"}}, {"deprecated":false, "digest":{"line_hashes":["211430171746736583386412285857503063065", "64202426046615070393192615532177350382", "332819270563079092826367819527578619216", "753799903378867717347622757396413956", "114137990206301328463255311108624902433", "300218005146888748176249264162949222014", "323892111429405932129268095623311014721", "210596680323944070007895675375210157360", "244627204225312357286692617319211945545", "271215489522175817816698456836384788969", "224411124722774131060825600838045695272", "129847987118370758974552839573629009809"], "threshold":0.9}, "id":"ASB-A-278221085-9a054111", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/freetype/+/9fe9411db4b7e715a39c0ccf48d1e0328f1d8e7c", "target":{"file":"src/cff/cffdrivr.c"}}, {"deprecated":false, "digest":{"line_hashes":["81324551550659020835031498274829865577", "64628579972589487172300064647283366547", "48569153991624587172273794505995223547", "4008573668689600971987096022808589132", "179508138822393431725674257602254466228"], "threshold":0.9}, "id":"ASB-A-278221085-9eeeb4d4", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/freetype/+/9fe9411db4b7e715a39c0ccf48d1e0328f1d8e7c", "target":{"file":"src/cff/cffobjs.c"}}, {"deprecated":false, "digest":{"function_hash":"202239639712452929050973163291306496817", "length":158}, "id":"ASB-A-278221085-a454db01", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/freetype/+/9fe9411db4b7e715a39c0ccf48d1e0328f1d8e7c", "target":{"file":"src/truetype/ttgxvar.c", "function":"tt_size_reset_iterator"}}, {"deprecated":false, "digest":{"function_hash":"103937802307019932276836119198203294548", "length":125}, "id":"ASB-A-278221085-e5863766", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/freetype/+/9fe9411db4b7e715a39c0ccf48d1e0328f1d8e7c", "target":{"file":"src/cff/cffdrivr.c", "function":"cff_metrics_adjust"}}, {"deprecated":false, "digest":{"function_hash":"265731810027481549749563768303685192709", "length":3296}, "id":"ASB-A-278221085-f086a186", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/freetype/+/9fe9411db4b7e715a39c0ccf48d1e0328f1d8e7c", "target":{"file":"src/sfnt/sfobjs.c", "function":"sfnt_init_face"}}, {"deprecated":false, "digest":{"line_hashes":["69379683848875879958488858341484277692", "210871115202057797276731706504440817305", "161974402635799736910009457718878567371", "100410506130062274112395633026533654330"], "threshold":0.9}, "id":"ASB-A-278221085-f3fddbdf", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/freetype/+/9fe9411db4b7e715a39c0ccf48d1e0328f1d8e7c", "target":{"file":"include/freetype/internal/tttypes.h"}}, {"deprecated":false, "digest":{"line_hashes":["145364366924425590219518521983329033169", "68142871592620668106314402612579791998", "201447733132229662289750970268520987621", "169112981881725159769014037267441691486"], "threshold":0.9}, "id":"ASB-A-278221085-fcbcdfa7", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/freetype/+/9fe9411db4b7e715a39c0ccf48d1e0328f1d8e7c", "target":{"file":"src/sfnt/ttmtx.c"}}]}}, {"package":{"name":"platform/external/freetype", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"11:0"}, {"fixed":"11:2023-08-01"}]}], "versions":["11"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/external/freetype/+/8d63b0bfcbaba361543fd9394b8d86907f52c97d"], "severity":"High", "spl":"2023-08-01", "types":["RCE"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["211697671371983483483785119230112883122", "107682397806034071154203099293264964696", "105075367703697981847583111626303645081", "250589613235295337338691888089462395612", "114895822878809041809898479558939759418", "246182975565044923442245398736972641978", "84669694739250341810861787056391004749", "186458982164017147861189905784142438511", "255234090706586638471732830952458642187", "38838630131735764104028388081754217930", "294460125689047709227368746692590674216", "65198391171962393365560510918913859248", "9454597740667725887371277006017793539", "73778831416091997670219177731358760051", "301332748125160266412351074844355357770", "206301406410951534653770759630593399694", "131704830143067660642002683442498941224", "185643162513272524190276791354510739890", "218917174893028901860545679643033092387", "246179179911096275612601743232528185743", "16693534828498574785380493890311263343"], "threshold":0.9}, "id":"ASB-A-278221085-0e87f990", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/freetype/+/8d63b0bfcbaba361543fd9394b8d86907f52c97d", "target":{"file":"src/truetype/ttobjs.c"}}, {"deprecated":false, "digest":{"line_hashes":["159704397783914659247322987605829329382", "12283751844868956727631642734607246720", "186268454761236019163515415303883073054", "19221572895774122230902721227951660256", "20020337565319798254968340705799518763", "187282161862936677128960735077132448120", "271393463880424899821245180176575203619", "219460479510803134620874433549808254546", "271739285475041500207352120016413028238", "106401573128622108087193596907767497801"], "threshold":0.9}, "id":"ASB-A-278221085-2a5bb79e", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/freetype/+/8d63b0bfcbaba361543fd9394b8d86907f52c97d", "target":{"file":"src/sfnt/sfobjs.c"}}, {"deprecated":false, "digest":{"line_hashes":["69379683848875879958488858341484277692", "210871115202057797276731706504440817305", "161974402635799736910009457718878567371", "100410506130062274112395633026533654330"], "threshold":0.9}, "id":"ASB-A-278221085-2c1cfb73", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/freetype/+/8d63b0bfcbaba361543fd9394b8d86907f52c97d", "target":{"file":"include/freetype/internal/tttypes.h"}}, {"deprecated":false, "digest":{"line_hashes":["92146378544959654129926153872084855672", "1244993000954360939936853836940065996", "120474719402437532038662275034226908459", "265237110642790622442040763721839883538", "177931016078659183251321549671899286972", "56493700042344581941982348874379733984", "111122059958307931023452388734435779685", "203201286658882250113608287763722769537", "41422401828202668456852466930616516303", "187881253971505185268273314321540188065", "123893267482446322915664113495671124456", "119718679961544607600473201275050186369", "103507506984622232731982071420080754136", "122641027020872925616559869609730920660", "116736462881943566500977891363907860958"], "threshold":0.9}, "id":"ASB-A-278221085-38dca8ed", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/freetype/+/8d63b0bfcbaba361543fd9394b8d86907f52c97d", "target":{"file":"include/freetype/internal/services/svmetric.h"}}, {"deprecated":false, "digest":{"function_hash":"17822159640300798168909717059436445320", "length":3196}, "id":"ASB-A-278221085-401597a0", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/freetype/+/8d63b0bfcbaba361543fd9394b8d86907f52c97d", "target":{"file":"src/sfnt/sfobjs.c", "function":"sfnt_init_face"}}, {"deprecated":false, "digest":{"function_hash":"139895758830792412186824998433834969283", "length":1518}, "id":"ASB-A-278221085-4529331d", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/freetype/+/8d63b0bfcbaba361543fd9394b8d86907f52c97d", "target":{"file":"src/truetype/ttgxvar.c", "function":"tt_apply_mvar"}}, {"deprecated":false, "digest":{"line_hashes":["211430171746736583386412285857503063065", "64202426046615070393192615532177350382", "332819270563079092826367819527578619216", "753799903378867717347622757396413956", "114137990206301328463255311108624902433", "300218005146888748176249264162949222014", "323892111429405932129268095623311014721", "210596680323944070007895675375210157360", "244627204225312357286692617319211945545", "271215489522175817816698456836384788969", "224411124722774131060825600838045695272", "129847987118370758974552839573629009809"], "threshold":0.9}, "id":"ASB-A-278221085-488bacaa", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/freetype/+/8d63b0bfcbaba361543fd9394b8d86907f52c97d", "target":{"file":"src/cff/cffdrivr.c"}}, {"deprecated":false, "digest":{"function_hash":"275961431145319746177993265208892136201", "length":179}, "id":"ASB-A-278221085-5343713f", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/freetype/+/8d63b0bfcbaba361543fd9394b8d86907f52c97d", "target":{"file":"src/cff/cffdrivr.c", "function":"cff_hadvance_adjust"}}, {"deprecated":false, "digest":{"line_hashes":["81324551550659020835031498274829865577", "64628579972589487172300064647283366547", "48569153991624587172273794505995223547", "4008573668689600971987096022808589132", "179508138822393431725674257602254466228"], "threshold":0.9}, "id":"ASB-A-278221085-79f95b63", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/freetype/+/8d63b0bfcbaba361543fd9394b8d86907f52c97d", "target":{"file":"src/cff/cffobjs.c"}}, {"deprecated":false, "digest":{"function_hash":"14137216718106970246136568015492444008", "length":1609}, "id":"ASB-A-278221085-84250e11", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/freetype/+/8d63b0bfcbaba361543fd9394b8d86907f52c97d", "target":{"file":"src/truetype/ttobjs.c", "function":"tt_size_reset"}}, {"deprecated":false, "digest":{"function_hash":"169543274855713105573779181436710282501", "length":898}, "id":"ASB-A-278221085-8fbf62ad", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/freetype/+/8d63b0bfcbaba361543fd9394b8d86907f52c97d", "target":{"file":"src/truetype/ttdriver.c", "function":"tt_size_request"}}, {"deprecated":false, "digest":{"line_hashes":["145364366924425590219518521983329033169", "68142871592620668106314402612579791998", "201447733132229662289750970268520987621", "169112981881725159769014037267441691486"], "threshold":0.9}, "id":"ASB-A-278221085-945b8ad7", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/freetype/+/8d63b0bfcbaba361543fd9394b8d86907f52c97d", "target":{"file":"src/sfnt/ttmtx.c"}}, {"deprecated":false, "digest":{"line_hashes":["142455527820653412637995401532131440830", "99223605339911174262060758638054984662", "62709435095233081217464535688965412750", "228548069913936001005013816411843732507", "114303640341920210731175487775196654691", "48611576887173368830505257140691372944", "270666697925186130573574840092058686100", "232597752811959308048352319443009590919", "58327959179351350088176176809816885219", "180036002856009077810244268636340414327", "141695042590046758349931373652105577326", "93467927163614722088236419520647648086"], "threshold":0.9}, "id":"ASB-A-278221085-a8e23cbb", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/freetype/+/8d63b0bfcbaba361543fd9394b8d86907f52c97d", "target":{"file":"src/truetype/ttdriver.c"}}, {"deprecated":false, "digest":{"function_hash":"191388122419455094564735931318090671525", "length":458}, "id":"ASB-A-278221085-ab46909c", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/freetype/+/8d63b0bfcbaba361543fd9394b8d86907f52c97d", "target":{"file":"src/truetype/ttdriver.c", "function":"tt_size_select"}}, {"deprecated":false, "digest":{"line_hashes":["334792182543929480383440716937799893058", "258180257979657888350280028259896639725", "162873756723190507393669055507779684841", "46595232233250072927193949654513017078", "272178452951171809466574156662523219664", "184040358191020242891585524322019043909", "201902892614878104016616455250943266200", "58116092668386983557237258348900550654", "314742669992965541050907643155907195962", "269037478919253106111773954805548860918", "132606668397991821099485138946836119193", "85798172646676082148869581285880396856", "313241533159674775445034787998539497966", "1702406214559525605452880513779145223", "199524786906517706386491048471307433389", "244412500514859629925283842199272197854", "141485887009303778048742366721876386819", "198254654977650575592595565550431883686", "235532050970349007933153649556969467390"], "threshold":0.9}, "id":"ASB-A-278221085-b99df00b", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/freetype/+/8d63b0bfcbaba361543fd9394b8d86907f52c97d", "target":{"file":"src/truetype/ttgxvar.c"}}, {"deprecated":false, "digest":{"function_hash":"202239639712452929050973163291306496817", "length":158}, "id":"ASB-A-278221085-bab77efb", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/freetype/+/8d63b0bfcbaba361543fd9394b8d86907f52c97d", "target":{"file":"src/truetype/ttgxvar.c", "function":"tt_size_reset_iterator"}}, {"deprecated":false, "digest":{"function_hash":"249598027901333960597508316317891499060", "length":118}, "id":"ASB-A-278221085-bbe48f74", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/freetype/+/8d63b0bfcbaba361543fd9394b8d86907f52c97d", "target":{"file":"include/freetype/internal/services/svmetric.h", "function":"FT_DEFINE_SERVICE"}}, {"deprecated":false, "digest":{"function_hash":"321014961876317123689295716789441992944", "length":10167}, "id":"ASB-A-278221085-cdf42145", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/freetype/+/8d63b0bfcbaba361543fd9394b8d86907f52c97d", "target":{"file":"src/cff/cffobjs.c", "function":"cff_face_init"}}, {"deprecated":false, "digest":{"line_hashes":["271018400289492168480657586631924571605", "47980938256891677620463507522175434331", "91860444426558735843155908422331519678", "114452616478814496600868803167381234656", "186860925533507239104254014649215818390"], "threshold":0.9}, "id":"ASB-A-278221085-ce3b3ac0", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/freetype/+/8d63b0bfcbaba361543fd9394b8d86907f52c97d", "target":{"file":"src/truetype/ttobjs.h"}}, {"deprecated":false, "digest":{"function_hash":"267580534811830866237988056573382196863", "length":1634}, "id":"ASB-A-278221085-d89f90d7", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/freetype/+/8d63b0bfcbaba361543fd9394b8d86907f52c97d", "target":{"file":"src/sfnt/ttmtx.c", "function":"tt_face_get_metrics"}}, {"deprecated":false, "digest":{"function_hash":"103937802307019932276836119198203294548", "length":125}, "id":"ASB-A-278221085-f358c071", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/freetype/+/8d63b0bfcbaba361543fd9394b8d86907f52c97d", "target":{"file":"src/cff/cffdrivr.c", "function":"cff_metrics_adjust"}}]}}, {"package":{"name":"platform/external/freetype", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12:0"}, {"fixed":"12:2023-08-01"}]}], "versions":["12"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/external/freetype/+/b0d165057a12acd25f58e8e5ccd70b16505dd28b"], "severity":"High", "spl":"2023-08-01", "types":["RCE"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"267580534811830866237988056573382196863", "length":1634}, "id":"ASB-A-278221085-1bc7df35", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/freetype/+/b0d165057a12acd25f58e8e5ccd70b16505dd28b", "target":{"file":"src/sfnt/ttmtx.c", "function":"tt_face_get_metrics"}}, {"deprecated":false, "digest":{"line_hashes":["211697671371983483483785119230112883122", "107682397806034071154203099293264964696", "105075367703697981847583111626303645081", "250589613235295337338691888089462395612", "114895822878809041809898479558939759418", "246182975565044923442245398736972641978", "84669694739250341810861787056391004749", "186458982164017147861189905784142438511", "255234090706586638471732830952458642187", "38838630131735764104028388081754217930", "294460125689047709227368746692590674216", "65198391171962393365560510918913859248", "9454597740667725887371277006017793539", "73778831416091997670219177731358760051", "301332748125160266412351074844355357770", "206301406410951534653770759630593399694", "131704830143067660642002683442498941224", "185643162513272524190276791354510739890", "218917174893028901860545679643033092387", "246179179911096275612601743232528185743", "16693534828498574785380493890311263343"], "threshold":0.9}, "id":"ASB-A-278221085-34b5df05", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/freetype/+/b0d165057a12acd25f58e8e5ccd70b16505dd28b", "target":{"file":"src/truetype/ttobjs.c"}}, {"deprecated":false, "digest":{"line_hashes":["334792182543929480383440716937799893058", "258180257979657888350280028259896639725", "162873756723190507393669055507779684841", "46595232233250072927193949654513017078", "272178452951171809466574156662523219664", "184040358191020242891585524322019043909", "201902892614878104016616455250943266200", "58116092668386983557237258348900550654", "314742669992965541050907643155907195962", "269037478919253106111773954805548860918", "132606668397991821099485138946836119193", "85798172646676082148869581285880396856", "313241533159674775445034787998539497966", "1702406214559525605452880513779145223", "199524786906517706386491048471307433389", "244412500514859629925283842199272197854", "141485887009303778048742366721876386819", "198254654977650575592595565550431883686", "235532050970349007933153649556969467390"], "threshold":0.9}, "id":"ASB-A-278221085-38bc1f58", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/freetype/+/b0d165057a12acd25f58e8e5ccd70b16505dd28b", "target":{"file":"src/truetype/ttgxvar.c"}}, {"deprecated":false, "digest":{"line_hashes":["271018400289492168480657586631924571605", "47980938256891677620463507522175434331", "91860444426558735843155908422331519678", "114452616478814496600868803167381234656", "186860925533507239104254014649215818390"], "threshold":0.9}, "id":"ASB-A-278221085-3f175d36", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/freetype/+/b0d165057a12acd25f58e8e5ccd70b16505dd28b", "target":{"file":"src/truetype/ttobjs.h"}}, {"deprecated":false, "digest":{"line_hashes":["92146378544959654129926153872084855672", "1244993000954360939936853836940065996", "120474719402437532038662275034226908459", "265237110642790622442040763721839883538", "177931016078659183251321549671899286972", "56493700042344581941982348874379733984", "111122059958307931023452388734435779685", "203201286658882250113608287763722769537", "41422401828202668456852466930616516303", "187881253971505185268273314321540188065", "123893267482446322915664113495671124456", "119718679961544607600473201275050186369", "103507506984622232731982071420080754136", "122641027020872925616559869609730920660", "116736462881943566500977891363907860958"], "threshold":0.9}, "id":"ASB-A-278221085-5243725e", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/freetype/+/b0d165057a12acd25f58e8e5ccd70b16505dd28b", "target":{"file":"include/freetype/internal/services/svmetric.h"}}, {"deprecated":false, "digest":{"function_hash":"249598027901333960597508316317891499060", "length":118}, "id":"ASB-A-278221085-60fb6a79", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/freetype/+/b0d165057a12acd25f58e8e5ccd70b16505dd28b", "target":{"file":"include/freetype/internal/services/svmetric.h", "function":"FT_DEFINE_SERVICE"}}, {"deprecated":false, "digest":{"function_hash":"139895758830792412186824998433834969283", "length":1518}, "id":"ASB-A-278221085-66af6658", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/freetype/+/b0d165057a12acd25f58e8e5ccd70b16505dd28b", "target":{"file":"src/truetype/ttgxvar.c", "function":"tt_apply_mvar"}}, {"deprecated":false, "digest":{"line_hashes":["145364366924425590219518521983329033169", "68142871592620668106314402612579791998", "201447733132229662289750970268520987621", "169112981881725159769014037267441691486"], "threshold":0.9}, "id":"ASB-A-278221085-6c066263", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/freetype/+/b0d165057a12acd25f58e8e5ccd70b16505dd28b", "target":{"file":"src/sfnt/ttmtx.c"}}, {"deprecated":false, "digest":{"function_hash":"14137216718106970246136568015492444008", "length":1609}, "id":"ASB-A-278221085-756a6751", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/freetype/+/b0d165057a12acd25f58e8e5ccd70b16505dd28b", "target":{"file":"src/truetype/ttobjs.c", "function":"tt_size_reset"}}, {"deprecated":false, "digest":{"line_hashes":["142455527820653412637995401532131440830", "99223605339911174262060758638054984662", "62709435095233081217464535688965412750", "228548069913936001005013816411843732507", "114303640341920210731175487775196654691", "48611576887173368830505257140691372944", "270666697925186130573574840092058686100", "232597752811959308048352319443009590919", "58327959179351350088176176809816885219", "180036002856009077810244268636340414327", "141695042590046758349931373652105577326", "93467927163614722088236419520647648086"], "threshold":0.9}, "id":"ASB-A-278221085-756b9851", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/freetype/+/b0d165057a12acd25f58e8e5ccd70b16505dd28b", "target":{"file":"src/truetype/ttdriver.c"}}, {"deprecated":false, "digest":{"function_hash":"84087207628747707994059228107237820774", "length":3285}, "id":"ASB-A-278221085-806639ac", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/freetype/+/b0d165057a12acd25f58e8e5ccd70b16505dd28b", "target":{"file":"src/sfnt/sfobjs.c", "function":"sfnt_init_face"}}, {"deprecated":false, "digest":{"function_hash":"202239639712452929050973163291306496817", "length":158}, "id":"ASB-A-278221085-8b5ca89c", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/freetype/+/b0d165057a12acd25f58e8e5ccd70b16505dd28b", "target":{"file":"src/truetype/ttgxvar.c", "function":"tt_size_reset_iterator"}}, {"deprecated":false, "digest":{"function_hash":"169543274855713105573779181436710282501", "length":898}, "id":"ASB-A-278221085-904893e9", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/freetype/+/b0d165057a12acd25f58e8e5ccd70b16505dd28b", "target":{"file":"src/truetype/ttdriver.c", "function":"tt_size_request"}}, {"deprecated":false, "digest":{"function_hash":"91800131231326910883838789511303451405", "length":10187}, "id":"ASB-A-278221085-9e90a19b", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/freetype/+/b0d165057a12acd25f58e8e5ccd70b16505dd28b", "target":{"file":"src/cff/cffobjs.c", "function":"cff_face_init"}}, {"deprecated":false, "digest":{"line_hashes":["211430171746736583386412285857503063065", "64202426046615070393192615532177350382", "332819270563079092826367819527578619216", "753799903378867717347622757396413956", "114137990206301328463255311108624902433", "300218005146888748176249264162949222014", "323892111429405932129268095623311014721", "210596680323944070007895675375210157360", "244627204225312357286692617319211945545", "271215489522175817816698456836384788969", "224411124722774131060825600838045695272", "129847987118370758974552839573629009809"], "threshold":0.9}, "id":"ASB-A-278221085-b604dedf", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/freetype/+/b0d165057a12acd25f58e8e5ccd70b16505dd28b", "target":{"file":"src/cff/cffdrivr.c"}}, {"deprecated":false, "digest":{"function_hash":"191388122419455094564735931318090671525", "length":458}, "id":"ASB-A-278221085-b9492583", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/freetype/+/b0d165057a12acd25f58e8e5ccd70b16505dd28b", "target":{"file":"src/truetype/ttdriver.c", "function":"tt_size_select"}}, {"deprecated":false, "digest":{"function_hash":"275961431145319746177993265208892136201", "length":179}, "id":"ASB-A-278221085-c9f02388", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/freetype/+/b0d165057a12acd25f58e8e5ccd70b16505dd28b", "target":{"file":"src/cff/cffdrivr.c", "function":"cff_hadvance_adjust"}}, {"deprecated":false, "digest":{"line_hashes":["81324551550659020835031498274829865577", "64628579972589487172300064647283366547", "48569153991624587172273794505995223547", "4008573668689600971987096022808589132", "179508138822393431725674257602254466228"], "threshold":0.9}, "id":"ASB-A-278221085-cf922405", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/freetype/+/b0d165057a12acd25f58e8e5ccd70b16505dd28b", "target":{"file":"src/cff/cffobjs.c"}}, {"deprecated":false, "digest":{"line_hashes":["69379683848875879958488858341484277692", "210871115202057797276731706504440817305", "161974402635799736910009457718878567371", "100410506130062274112395633026533654330"], "threshold":0.9}, "id":"ASB-A-278221085-d60d5e86", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/freetype/+/b0d165057a12acd25f58e8e5ccd70b16505dd28b", "target":{"file":"include/freetype/internal/tttypes.h"}}, {"deprecated":false, "digest":{"line_hashes":["159704397783914659247322987605829329382", "12283751844868956727631642734607246720", "186268454761236019163515415303883073054", "19221572895774122230902721227951660256", "20020337565319798254968340705799518763", "187282161862936677128960735077132448120", "271393463880424899821245180176575203619", "219460479510803134620874433549808254546", "271739285475041500207352120016413028238", "167711708708847057319474804568801109467"], "threshold":0.9}, "id":"ASB-A-278221085-d8b1973a", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/freetype/+/b0d165057a12acd25f58e8e5ccd70b16505dd28b", "target":{"file":"src/sfnt/sfobjs.c"}}, {"deprecated":false, "digest":{"function_hash":"103937802307019932276836119198203294548", "length":125}, "id":"ASB-A-278221085-f2d65671", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/freetype/+/b0d165057a12acd25f58e8e5ccd70b16505dd28b", "target":{"file":"src/cff/cffdrivr.c", "function":"cff_metrics_adjust"}}]}}, {"package":{"name":"platform/external/freetype", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12L:0"}, {"fixed":"12L:2023-08-01"}]}], "versions":["12L"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/external/freetype/+/a45c6a1cf3625709e149550b8fff1f09d01388d3"], "severity":"High", "spl":"2023-08-01", "types":["RCE"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"169543274855713105573779181436710282501", "length":898}, "id":"ASB-A-278221085-056e22b8", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/freetype/+/a45c6a1cf3625709e149550b8fff1f09d01388d3", "target":{"file":"src/truetype/ttdriver.c", "function":"tt_size_request"}}, {"deprecated":false, "digest":{"function_hash":"275961431145319746177993265208892136201", "length":179}, "id":"ASB-A-278221085-1659795e", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/freetype/+/a45c6a1cf3625709e149550b8fff1f09d01388d3", "target":{"file":"src/cff/cffdrivr.c", "function":"cff_hadvance_adjust"}}, {"deprecated":false, "digest":{"function_hash":"267580534811830866237988056573382196863", "length":1634}, "id":"ASB-A-278221085-1e1894bb", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/freetype/+/a45c6a1cf3625709e149550b8fff1f09d01388d3", "target":{"file":"src/sfnt/ttmtx.c", "function":"tt_face_get_metrics"}}, {"deprecated":false, "digest":{"line_hashes":["271018400289492168480657586631924571605", "47980938256891677620463507522175434331", "91860444426558735843155908422331519678", "114452616478814496600868803167381234656", "186860925533507239104254014649215818390"], "threshold":0.9}, "id":"ASB-A-278221085-20446523", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/freetype/+/a45c6a1cf3625709e149550b8fff1f09d01388d3", "target":{"file":"src/truetype/ttobjs.h"}}, {"deprecated":false, "digest":{"function_hash":"202239639712452929050973163291306496817", "length":158}, "id":"ASB-A-278221085-316ac9bc", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/freetype/+/a45c6a1cf3625709e149550b8fff1f09d01388d3", "target":{"file":"src/truetype/ttgxvar.c", "function":"tt_size_reset_iterator"}}, {"deprecated":false, "digest":{"line_hashes":["159704397783914659247322987605829329382", "12283751844868956727631642734607246720", "186268454761236019163515415303883073054", "19221572895774122230902721227951660256", "20020337565319798254968340705799518763", "187282161862936677128960735077132448120", "271393463880424899821245180176575203619", "219460479510803134620874433549808254546", "271739285475041500207352120016413028238", "167711708708847057319474804568801109467"], "threshold":0.9}, "id":"ASB-A-278221085-4a13fad8", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/freetype/+/a45c6a1cf3625709e149550b8fff1f09d01388d3", "target":{"file":"src/sfnt/sfobjs.c"}}, {"deprecated":false, "digest":{"line_hashes":["142455527820653412637995401532131440830", "99223605339911174262060758638054984662", "62709435095233081217464535688965412750", "228548069913936001005013816411843732507", "114303640341920210731175487775196654691", "48611576887173368830505257140691372944", "270666697925186130573574840092058686100", "232597752811959308048352319443009590919", "58327959179351350088176176809816885219", "180036002856009077810244268636340414327", "141695042590046758349931373652105577326", "93467927163614722088236419520647648086"], "threshold":0.9}, "id":"ASB-A-278221085-5df7f8b9", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/freetype/+/a45c6a1cf3625709e149550b8fff1f09d01388d3", "target":{"file":"src/truetype/ttdriver.c"}}, {"deprecated":false, "digest":{"line_hashes":["92146378544959654129926153872084855672", "1244993000954360939936853836940065996", "120474719402437532038662275034226908459", "265237110642790622442040763721839883538", "177931016078659183251321549671899286972", "56493700042344581941982348874379733984", "111122059958307931023452388734435779685", "203201286658882250113608287763722769537", "41422401828202668456852466930616516303", "187881253971505185268273314321540188065", "123893267482446322915664113495671124456", "119718679961544607600473201275050186369", "103507506984622232731982071420080754136", "122641027020872925616559869609730920660", "116736462881943566500977891363907860958"], "threshold":0.9}, "id":"ASB-A-278221085-604d5f48", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/freetype/+/a45c6a1cf3625709e149550b8fff1f09d01388d3", "target":{"file":"include/freetype/internal/services/svmetric.h"}}, {"deprecated":false, "digest":{"function_hash":"14137216718106970246136568015492444008", "length":1609}, "id":"ASB-A-278221085-7693170e", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/freetype/+/a45c6a1cf3625709e149550b8fff1f09d01388d3", "target":{"file":"src/truetype/ttobjs.c", "function":"tt_size_reset"}}, {"deprecated":false, "digest":{"line_hashes":["69379683848875879958488858341484277692", "210871115202057797276731706504440817305", "161974402635799736910009457718878567371", "100410506130062274112395633026533654330"], "threshold":0.9}, "id":"ASB-A-278221085-77cb0b78", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/freetype/+/a45c6a1cf3625709e149550b8fff1f09d01388d3", "target":{"file":"include/freetype/internal/tttypes.h"}}, {"deprecated":false, "digest":{"line_hashes":["145364366924425590219518521983329033169", "68142871592620668106314402612579791998", "201447733132229662289750970268520987621", "169112981881725159769014037267441691486"], "threshold":0.9}, "id":"ASB-A-278221085-916a426d", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/freetype/+/a45c6a1cf3625709e149550b8fff1f09d01388d3", "target":{"file":"src/sfnt/ttmtx.c"}}, {"deprecated":false, "digest":{"line_hashes":["81324551550659020835031498274829865577", "64628579972589487172300064647283366547", "48569153991624587172273794505995223547", "4008573668689600971987096022808589132", "179508138822393431725674257602254466228"], "threshold":0.9}, "id":"ASB-A-278221085-af95d43d", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/freetype/+/a45c6a1cf3625709e149550b8fff1f09d01388d3", "target":{"file":"src/cff/cffobjs.c"}}, {"deprecated":false, "digest":{"function_hash":"139895758830792412186824998433834969283", "length":1518}, "id":"ASB-A-278221085-bc971466", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/freetype/+/a45c6a1cf3625709e149550b8fff1f09d01388d3", "target":{"file":"src/truetype/ttgxvar.c", "function":"tt_apply_mvar"}}, {"deprecated":false, "digest":{"function_hash":"91800131231326910883838789511303451405", "length":10187}, "id":"ASB-A-278221085-c642ed28", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/freetype/+/a45c6a1cf3625709e149550b8fff1f09d01388d3", "target":{"file":"src/cff/cffobjs.c", "function":"cff_face_init"}}, {"deprecated":false, "digest":{"line_hashes":["211430171746736583386412285857503063065", "64202426046615070393192615532177350382", "332819270563079092826367819527578619216", "753799903378867717347622757396413956", "114137990206301328463255311108624902433", "300218005146888748176249264162949222014", "323892111429405932129268095623311014721", "210596680323944070007895675375210157360", "244627204225312357286692617319211945545", "271215489522175817816698456836384788969", "224411124722774131060825600838045695272", "129847987118370758974552839573629009809"], "threshold":0.9}, "id":"ASB-A-278221085-c697ac79", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/freetype/+/a45c6a1cf3625709e149550b8fff1f09d01388d3", "target":{"file":"src/cff/cffdrivr.c"}}, {"deprecated":false, "digest":{"function_hash":"84087207628747707994059228107237820774", "length":3285}, "id":"ASB-A-278221085-c73b18ff", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/freetype/+/a45c6a1cf3625709e149550b8fff1f09d01388d3", "target":{"file":"src/sfnt/sfobjs.c", "function":"sfnt_init_face"}}, {"deprecated":false, "digest":{"line_hashes":["211697671371983483483785119230112883122", "107682397806034071154203099293264964696", "105075367703697981847583111626303645081", "250589613235295337338691888089462395612", "114895822878809041809898479558939759418", "246182975565044923442245398736972641978", "84669694739250341810861787056391004749", "186458982164017147861189905784142438511", "255234090706586638471732830952458642187", "38838630131735764104028388081754217930", "294460125689047709227368746692590674216", "65198391171962393365560510918913859248", "9454597740667725887371277006017793539", "73778831416091997670219177731358760051", "301332748125160266412351074844355357770", "206301406410951534653770759630593399694", "131704830143067660642002683442498941224", "185643162513272524190276791354510739890", "218917174893028901860545679643033092387", "246179179911096275612601743232528185743", "16693534828498574785380493890311263343"], "threshold":0.9}, "id":"ASB-A-278221085-c95280db", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/freetype/+/a45c6a1cf3625709e149550b8fff1f09d01388d3", "target":{"file":"src/truetype/ttobjs.c"}}, {"deprecated":false, "digest":{"function_hash":"249598027901333960597508316317891499060", "length":118}, "id":"ASB-A-278221085-cbec6d83", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/freetype/+/a45c6a1cf3625709e149550b8fff1f09d01388d3", "target":{"file":"include/freetype/internal/services/svmetric.h", "function":"FT_DEFINE_SERVICE"}}, {"deprecated":false, "digest":{"function_hash":"191388122419455094564735931318090671525", "length":458}, "id":"ASB-A-278221085-d0020302", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/freetype/+/a45c6a1cf3625709e149550b8fff1f09d01388d3", "target":{"file":"src/truetype/ttdriver.c", "function":"tt_size_select"}}, {"deprecated":false, "digest":{"line_hashes":["334792182543929480383440716937799893058", "258180257979657888350280028259896639725", "162873756723190507393669055507779684841", "46595232233250072927193949654513017078", "272178452951171809466574156662523219664", "184040358191020242891585524322019043909", "201902892614878104016616455250943266200", "58116092668386983557237258348900550654", "314742669992965541050907643155907195962", "269037478919253106111773954805548860918", "132606668397991821099485138946836119193", "85798172646676082148869581285880396856", "313241533159674775445034787998539497966", "1702406214559525605452880513779145223", "199524786906517706386491048471307433389", "244412500514859629925283842199272197854", "141485887009303778048742366721876386819", "198254654977650575592595565550431883686", "235532050970349007933153649556969467390"], "threshold":0.9}, "id":"ASB-A-278221085-d6cc9844", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/freetype/+/a45c6a1cf3625709e149550b8fff1f09d01388d3", "target":{"file":"src/truetype/ttgxvar.c"}}, {"deprecated":false, "digest":{"function_hash":"103937802307019932276836119198203294548", "length":125}, "id":"ASB-A-278221085-f21631ae", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/freetype/+/a45c6a1cf3625709e149550b8fff1f09d01388d3", "target":{"file":"src/cff/cffdrivr.c", "function":"cff_metrics_adjust"}}]}}, {"package":{"name":"platform/external/freetype", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"13:0"}, {"fixed":"13:2023-08-01"}]}], "versions":["13"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/external/freetype/+/cff127c5bc4a47ef88df305380ee2a47318a865b"], "severity":"High", "spl":"2023-08-01", "types":["RCE"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"249598027901333960597508316317891499060", "length":118}, "id":"ASB-A-278221085-1ee3db8d", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/freetype/+/cff127c5bc4a47ef88df305380ee2a47318a865b", "target":{"file":"include/freetype/internal/services/svmetric.h", "function":"FT_DEFINE_SERVICE"}}, {"deprecated":false, "digest":{"function_hash":"267580534811830866237988056573382196863", "length":1634}, "id":"ASB-A-278221085-21281505", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/freetype/+/cff127c5bc4a47ef88df305380ee2a47318a865b", "target":{"file":"src/sfnt/ttmtx.c", "function":"tt_face_get_metrics"}}, {"deprecated":false, "digest":{"line_hashes":["92146378544959654129926153872084855672", "1244993000954360939936853836940065996", "120474719402437532038662275034226908459", "265237110642790622442040763721839883538", "177931016078659183251321549671899286972", "56493700042344581941982348874379733984", "111122059958307931023452388734435779685", "203201286658882250113608287763722769537", "41422401828202668456852466930616516303", "187881253971505185268273314321540188065", "123893267482446322915664113495671124456", "119718679961544607600473201275050186369", "103507506984622232731982071420080754136", "122641027020872925616559869609730920660", "116736462881943566500977891363907860958"], "threshold":0.9}, "id":"ASB-A-278221085-22216185", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/freetype/+/cff127c5bc4a47ef88df305380ee2a47318a865b", "target":{"file":"include/freetype/internal/services/svmetric.h"}}, {"deprecated":false, "digest":{"function_hash":"103937802307019932276836119198203294548", "length":125}, "id":"ASB-A-278221085-48b63ff5", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/freetype/+/cff127c5bc4a47ef88df305380ee2a47318a865b", "target":{"file":"src/cff/cffdrivr.c", "function":"cff_metrics_adjust"}}, {"deprecated":false, "digest":{"function_hash":"191388122419455094564735931318090671525", "length":458}, "id":"ASB-A-278221085-597862f7", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/freetype/+/cff127c5bc4a47ef88df305380ee2a47318a865b", "target":{"file":"src/truetype/ttdriver.c", "function":"tt_size_select"}}, {"deprecated":false, "digest":{"function_hash":"275961431145319746177993265208892136201", "length":179}, "id":"ASB-A-278221085-598f9495", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/freetype/+/cff127c5bc4a47ef88df305380ee2a47318a865b", "target":{"file":"src/cff/cffdrivr.c", "function":"cff_hadvance_adjust"}}, {"deprecated":false, "digest":{"line_hashes":["211430171746736583386412285857503063065", "64202426046615070393192615532177350382", "332819270563079092826367819527578619216", "753799903378867717347622757396413956", "114137990206301328463255311108624902433", "300218005146888748176249264162949222014", "323892111429405932129268095623311014721", "210596680323944070007895675375210157360", "244627204225312357286692617319211945545", "271215489522175817816698456836384788969", "224411124722774131060825600838045695272", "129847987118370758974552839573629009809"], "threshold":0.9}, "id":"ASB-A-278221085-679752e3", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/freetype/+/cff127c5bc4a47ef88df305380ee2a47318a865b", "target":{"file":"src/cff/cffdrivr.c"}}, {"deprecated":false, "digest":{"function_hash":"9456583633648978651740109474523600534", "length":960}, "id":"ASB-A-278221085-7307451e", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/freetype/+/cff127c5bc4a47ef88df305380ee2a47318a865b", "target":{"file":"src/truetype/ttdriver.c", "function":"tt_size_request"}}, {"deprecated":false, "digest":{"line_hashes":["271018400289492168480657586631924571605", "47980938256891677620463507522175434331", "91860444426558735843155908422331519678", "114452616478814496600868803167381234656", "186860925533507239104254014649215818390"], "threshold":0.9}, "id":"ASB-A-278221085-792685f4", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/freetype/+/cff127c5bc4a47ef88df305380ee2a47318a865b", "target":{"file":"src/truetype/ttobjs.h"}}, {"deprecated":false, "digest":{"function_hash":"84087207628747707994059228107237820774", "length":3285}, "id":"ASB-A-278221085-84cbf0d8", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/freetype/+/cff127c5bc4a47ef88df305380ee2a47318a865b", "target":{"file":"src/sfnt/sfobjs.c", "function":"sfnt_init_face"}}, {"deprecated":false, "digest":{"function_hash":"213542347764508152130247189091485599889", "length":10157}, "id":"ASB-A-278221085-8c553243", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/freetype/+/cff127c5bc4a47ef88df305380ee2a47318a865b", "target":{"file":"src/cff/cffobjs.c", "function":"cff_face_init"}}, {"deprecated":false, "digest":{"line_hashes":["69379683848875879958488858341484277692", "210871115202057797276731706504440817305", "161974402635799736910009457718878567371", "100410506130062274112395633026533654330"], "threshold":0.9}, "id":"ASB-A-278221085-a1190450", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/freetype/+/cff127c5bc4a47ef88df305380ee2a47318a865b", "target":{"file":"include/freetype/internal/tttypes.h"}}, {"deprecated":false, "digest":{"line_hashes":["211697671371983483483785119230112883122", "107682397806034071154203099293264964696", "105075367703697981847583111626303645081", "250589613235295337338691888089462395612", "114895822878809041809898479558939759418", "246182975565044923442245398736972641978", "84669694739250341810861787056391004749", "186458982164017147861189905784142438511", "255234090706586638471732830952458642187", "38838630131735764104028388081754217930", "294460125689047709227368746692590674216", "65198391171962393365560510918913859248", "9454597740667725887371277006017793539", "73778831416091997670219177731358760051", "301332748125160266412351074844355357770", "206301406410951534653770759630593399694", "131704830143067660642002683442498941224", "185643162513272524190276791354510739890", "218917174893028901860545679643033092387", "246179179911096275612601743232528185743", "16693534828498574785380493890311263343"], "threshold":0.9}, "id":"ASB-A-278221085-a43e5138", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/freetype/+/cff127c5bc4a47ef88df305380ee2a47318a865b", "target":{"file":"src/truetype/ttobjs.c"}}, {"deprecated":false, "digest":{"function_hash":"139895758830792412186824998433834969283", "length":1518}, "id":"ASB-A-278221085-aa045821", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/freetype/+/cff127c5bc4a47ef88df305380ee2a47318a865b", "target":{"file":"src/truetype/ttgxvar.c", "function":"tt_apply_mvar"}}, {"deprecated":false, "digest":{"line_hashes":["81324551550659020835031498274829865577", "64628579972589487172300064647283366547", "48569153991624587172273794505995223547", "4008573668689600971987096022808589132", "179508138822393431725674257602254466228"], "threshold":0.9}, "id":"ASB-A-278221085-b3b7f2a1", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/freetype/+/cff127c5bc4a47ef88df305380ee2a47318a865b", "target":{"file":"src/cff/cffobjs.c"}}, {"deprecated":false, "digest":{"function_hash":"14137216718106970246136568015492444008", "length":1609}, "id":"ASB-A-278221085-b727813d", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/freetype/+/cff127c5bc4a47ef88df305380ee2a47318a865b", "target":{"file":"src/truetype/ttobjs.c", "function":"tt_size_reset"}}, {"deprecated":false, "digest":{"line_hashes":["145364366924425590219518521983329033169", "68142871592620668106314402612579791998", "201447733132229662289750970268520987621", "169112981881725159769014037267441691486"], "threshold":0.9}, "id":"ASB-A-278221085-db9b9d6f", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/freetype/+/cff127c5bc4a47ef88df305380ee2a47318a865b", "target":{"file":"src/sfnt/ttmtx.c"}}, {"deprecated":false, "digest":{"function_hash":"202239639712452929050973163291306496817", "length":158}, "id":"ASB-A-278221085-dd628593", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/freetype/+/cff127c5bc4a47ef88df305380ee2a47318a865b", "target":{"file":"src/truetype/ttgxvar.c", "function":"tt_size_reset_iterator"}}, {"deprecated":false, "digest":{"line_hashes":["142455527820653412637995401532131440830", "99223605339911174262060758638054984662", "62709435095233081217464535688965412750", "228548069913936001005013816411843732507", "270894420811975680686069622533655428063", "48611576887173368830505257140691372944", "270666697925186130573574840092058686100", "232597752811959308048352319443009590919", "58327959179351350088176176809816885219", "180036002856009077810244268636340414327", "141695042590046758349931373652105577326", "93467927163614722088236419520647648086"], "threshold":0.9}, "id":"ASB-A-278221085-e0e92819", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/freetype/+/cff127c5bc4a47ef88df305380ee2a47318a865b", "target":{"file":"src/truetype/ttdriver.c"}}, {"deprecated":false, "digest":{"line_hashes":["334792182543929480383440716937799893058", "258180257979657888350280028259896639725", "162873756723190507393669055507779684841", "46595232233250072927193949654513017078", "272178452951171809466574156662523219664", "184040358191020242891585524322019043909", "201902892614878104016616455250943266200", "58116092668386983557237258348900550654", "314742669992965541050907643155907195962", "269037478919253106111773954805548860918", "132606668397991821099485138946836119193", "85798172646676082148869581285880396856", "313241533159674775445034787998539497966", "1702406214559525605452880513779145223", "199524786906517706386491048471307433389", "244412500514859629925283842199272197854", "141485887009303778048742366721876386819", "198254654977650575592595565550431883686", "235532050970349007933153649556969467390"], "threshold":0.9}, "id":"ASB-A-278221085-f80047a0", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/freetype/+/cff127c5bc4a47ef88df305380ee2a47318a865b", "target":{"file":"src/truetype/ttgxvar.c"}}, {"deprecated":false, "digest":{"line_hashes":["159704397783914659247322987605829329382", "12283751844868956727631642734607246720", "186268454761236019163515415303883073054", "19221572895774122230902721227951660256", "20020337565319798254968340705799518763", "187282161862936677128960735077132448120", "271393463880424899821245180176575203619", "219460479510803134620874433549808254546", "271739285475041500207352120016413028238", "167711708708847057319474804568801109467"], "threshold":0.9}, "id":"ASB-A-278221085-f9cce4c3", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/freetype/+/cff127c5bc4a47ef88df305380ee2a47318a865b", "target":{"file":"src/sfnt/sfobjs.c"}}]}}], "references":[{"type":"ADVISORY", "url":"https://source.android.com/security/bulletin/2023-08-01"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/external/freetype/+/a79e80a25874dacaa266906a9048f13d4bac41c6"}]}