Freetype


Products by Freetype, sorted by most security vulnerabilities since 2018

Freetype: 62 vulnerabilities
Freetype2: 1 vulnerability

Known Exploited Freetype Vulnerabilities

The following Freetype vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.

Title: FreeType Out-of-Bounds Write Vulnerability
Description: FreeType contains an out-of-bounds write vulnerability when attempting to parse font subglyph structures related to TrueType GX and variable font files that may allow for arbitrary code execution.
CVE: CVE-2025-27363 (Exploit Probability: 65.0%)
Added: May 6, 2025

The vulnerability CVE-2025-27363: FreeType Out-of-Bounds Write Vulnerability is in the top 5% of the currently known exploitable vulnerabilities.

By the Year

In 2026 there has been 1 vulnerability in Freetype, with an average score of 5.3 out of ten. Last year, in 2025, Freetype had 2 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, the number of security vulnerabilities in Freetype in 2026 could surpass last year's number. Last year, the average CVE base score was greater by 1.85.

Year  Vulnerabilities  Average Score
2026  1                5.30
2025  2                7.15
2024  0                0.00
2023  0                0.00
2022  3                8.27
2021  0                0.00
2020  1                9.60
2019  1                0.00
2018  1                0.00

It may take a day or so for new Freetype vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Freetype Security Vulnerabilities

CVE-2026-23865 (Mar 02, 2026)
Freetype Integer Overflow in tt_var_load_item_variation_store (v2.13.2 to 2.13.3)
An integer overflow in the tt_var_load_item_variation_store function of the Freetype library in versions 2.13.2 and 2.13.3 may allow for an out of bounds read operation when parsing HVAR/VVAR/MVAR tables in OpenType variable fonts. This issue is fixed in version 2.14.2.
Products: Freetype

CVE-2025-27363 (Mar 11, 2025)
FreeType < 2.13 OOB Write in TrueType GX parsing – arbitrary code exec
An out of bounds write exists in FreeType versions 2.13.0 and below (newer versions of FreeType are not vulnerable) when attempting to parse font subglyph structures related to TrueType GX and variable font files. The vulnerable code assigns a signed short value to an unsigned long and then adds a static value, causing it to wrap around and allocate too small of a heap buffer. The code then writes up to 6 signed long integers out of bounds relative to this buffer. This may result in arbitrary code execution. This vulnerability may have been exploited in the wild.
Products: Freetype

CVE-2025-23022 (Jan 10, 2025)
FreeType 2.8.1 Signed Integer Overflow in cf2_doFlex
FreeType 2.8.1 has a signed integer overflow in cf2_doFlex in cff/cf2intrp.c.
Products: Freetype

CVE-2022-27404 (Apr 22, 2022)
FreeType commit 1e2eb65048f75c64b68708efed6ce904c31f3b2f was discovered to contain a heap buffer overflow via the function sfnt_init_face.
Products: Freetype

CVE-2022-27406 (Apr 22, 2022)
FreeType commit 22a0cccb4d9d002f33c1ba7a4b36812c7d4f46b5 was discovered to contain a segmentation violation via the function FT_Request_Size.
Products: Freetype

CVE-2022-27405 (Apr 22, 2022)
FreeType commit 53dfdcd8198d2b3201a23c4bad9190519ba918db was discovered to contain a segmentation violation via the function FNT_Size_Request.
Products: Freetype

CVE-2020-15999 (Nov 03, 2020)
Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Products: Freetype2, Freetype

CVE-2015-9383 (Sep 03, 2019)
FreeType before 2.6.2 has a heap-based buffer over-read in tt_cmap14_validate in sfnt/ttcmap.c.
Products: Freetype

CVE-2018-6942 (Feb 13, 2018)
An issue was discovered in FreeType 2 through 2.9. A NULL pointer dereference in the Ins_GETVARIATION() function within ttinterp.c could lead to DoS via a crafted font file.
Products: Freetype

CVE-2017-8287 (Apr 27, 2017)
FreeType 2 before 2017-03-26 has an out-of-bounds write caused by a heap-based buffer overflow related to the t1_builder_close_contour function in psaux/psobjs.c.
Products: Freetype
Built by Foundeo Inc., with data from the National Vulnerability Database (NVD).