CVE-2023-26369: Adobe Acrobat PDF Reader RCE when processing TTF fonts
2023-09-12 • Google
https://googleprojectzero.github.io/0days-in-the-wild//0day-RCAs/2023/CVE-2023-26369.html
Google Project Zero analyzed CVE-2023-26369, an Adobe Acrobat Reader remote code execution flaw triggered by malformed TrueType font bitmap tables processed by libCoolType. The write-up says the bug was exploited in the wild by government-backed actors in North Korea, although later stages such as a sandbox escape were not recovered. The vulnerability is a heap out-of-bounds write in sfac_GetSbitBitmap, where glyph offsets were merged into a bitmap buffer without sufficient bounds checks. The exploit strategy corrupted adjacent EScript objects from a PDF, built arbitrary read and write primitives, and used ROP and shellcode to gain execution inside Reader.
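The class of bounds check the summary says was insufficient, as an added example (not Adobe's code and not taken from the Project Zero write-up): a C routine that merges a glyph into a destination bitmap only after validating the offsets. The `bitmap_t` layout, the function names and the constructed test sizes are assumptions, and `dst->pixels` is assumed to hold `width * height` bytes.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical 1-byte-per-pixel, row-major bitmap (layout is an assumption). */
typedef struct { uint8_t *pixels; uint32_t width, height; } bitmap_t;

/* OR a component glyph into dst at signed offset (xoff, yoff).
 * Returns 0 on success, -1 if any pixel of src would land outside dst.
 * All checks run before the first write, so a rejected glyph leaves dst untouched. */
int merge_glyph_checked(bitmap_t *dst, const bitmap_t *src, int32_t xoff, int32_t yoff)
{
    if (!dst || !src || !dst->pixels || !src->pixels) return -1;
    if (xoff < 0 || yoff < 0) return -1;   /* would index before the buffer */
    /* Subtraction form: xoff + src->width can never wrap around. */
    if (src->width > dst->width || (uint32_t)xoff > dst->width - src->width) return -1;
    if (src->height > dst->height || (uint32_t)yoff > dst->height - src->height) return -1;
    for (uint32_t y = 0; y < src->height; y++) {
        uint8_t *d = dst->pixels + ((size_t)yoff + y) * dst->width + (size_t)xoff;
        const uint8_t *s = src->pixels + (size_t)y * src->width;
        for (uint32_t x = 0; x < src->width; x++)
            d[x] |= s[x];
    }
    return 0;
}

/* Constructed case: 4x4 destination between 8-byte guard regions, 2x2 glyph.
 * Returns the merge result, or -2 if any guard byte was modified. */
int demo_merge(int32_t xoff, int32_t yoff)
{
    uint8_t buf[8 + 16 + 8], glyph[4] = {1, 1, 1, 1};
    memset(buf, 0xAA, sizeof buf);
    memset(buf + 8, 0, 16);
    bitmap_t dst = { buf + 8, 4, 4 }, src = { glyph, 2, 2 };
    int rc = merge_glyph_checked(&dst, &src, xoff, yoff);
    for (size_t i = 0; i < 8; i++)
        if (buf[i] != 0xAA || buf[24 + i] != 0xAA) return -2;
    return rc;
}

int main(void)
{
    printf("in range: %d, past end: %d, negative: %d\n",
           demo_merge(2, 2), demo_merge(3, 3), demo_merge(-1, 0));
    return 0;
}
```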