CVE-2023-21287

9.8 CRITICAL

📋 TL;DR

CVE-2023-21287 is a type confusion vulnerability in the FreeType font rendering library as shipped in Android. It can be triggered remotely and without user interaction to execute arbitrary code on an affected device; any Android device running a vulnerable FreeType version is potentially affected.

💻 Affected Systems

Products:
  • Android devices with FreeType library
Versions: Android versions prior to August 2023 security patch
Operating Systems: Android
Default Config Vulnerable: ⚠️ Yes
Notes: Affects devices using FreeType for font rendering; most Android devices are vulnerable by default

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full device compromise allowing attacker to install malware, steal data, or join botnets

🟠

Likely Case

Remote code execution leading to data theft, surveillance, or ransomware deployment

🟢

If Mitigated

Limited impact if devices are patched, isolated, or have exploit mitigations enabled

🌐 Internet-Facing: HIGH - Exploitable remotely without authentication
🏢 Internal Only: MEDIUM - Still exploitable via internal network but requires initial access

🎯 Exploit Status

Public PoC: ❌ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Type confusion vulnerabilities often lead to reliable exploitation; no authentication required

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: August 2023 Android Security Patch or later

Vendor Advisory: https://source.android.com/security/bulletin/2023-08-01

Restart Required: Yes

Instructions:

1. Check for Android system updates in Settings > System > System update.
2. Install the August 2023 or later security patch.
3. Reboot the device after installation.

🔧 Temporary Workarounds

Disable untrusted font sources (Android)

Prevent loading fonts from untrusted sources to reduce attack surface

🧯 If You Can't Patch

  • Network segmentation to isolate vulnerable devices
  • Implement application allowlisting to prevent unauthorized code execution

🔍 How to Verify

Check if Vulnerable:

Check Android security patch level in Settings > About phone > Android version

Check Version:

adb shell getprop ro.build.version.security_patch

Verify Fix Applied:

Verify security patch date is August 2023 or later in device settings
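The verification step above, scripted for more than one device, as an added example that is not part of the original advisory. It assumes adb is installed and the device is authorized for USB debugging; the function names is_patched and check_device are this example's own.

```shell
# Added example: compare a device's reported security patch level with the
# 2023-08-01 fix baseline for CVE-2023-21287. Assumes adb is installed and
# the device is authorized for debugging (hypothetical helper names).

FIX_LEVEL="2023-08-01"

# is_patched LEVEL -> 0 if LEVEL (YYYY-MM-DD) is on or after the fix date,
# 1 if it is older, 2 if the value is missing or malformed (unknown state).
is_patched() {
  level="$1"
  case "$level" in
    [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
    *) return 2 ;;
  esac
  # Strip the dashes so the two ISO dates compare as integers (portable sh).
  have=$(printf '%s' "$level" | tr -d -)
  need=$(printf '%s' "$FIX_LEVEL" | tr -d -)
  if [ "$have" -lt "$need" ]; then
    return 1
  fi
  return 0
}

# check_device [SERIAL] -> prints a verdict for one connected device.
check_device() {
  if [ -n "$1" ]; then
    level=$(adb -s "$1" shell getprop ro.build.version.security_patch 2>/dev/null | tr -d '\r\n')
  else
    level=$(adb shell getprop ro.build.version.security_patch 2>/dev/null | tr -d '\r\n')
  fi
  rc=0
  is_patched "$level" || rc=$?
  case "$rc" in
    0) echo "${1:-device}: patch level $level >= $FIX_LEVEL, fix applied" ;;
    1) echo "${1:-device}: patch level $level < $FIX_LEVEL, VULNERABLE, update required" ;;
    *) echo "${1:-device}: could not read patch level (offline or unauthorized?)" ;;
  esac
}
```

Run `check_device` once per serial listed by `adb devices` to sweep a fleet; an unknown result should be treated as unpatched until the device can be read.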

📡 Detection & Monitoring

Log Indicators:

  • Unexpected FreeType library crashes
  • Suspicious font file processing

Network Indicators:

  • Unusual font file downloads from external sources

SIEM Query:

process_name:"freetype" AND (event_type:crash OR suspicious_file_extension:(".ttf" ".otf"))
