FreeType < 2.13 OOB Write in TrueType GX parsing – arbitrary code exec
CVE-2025-27363 Published on March 11, 2025

An out of bounds write exists in FreeType versions 2.13.0 and below (newer versions of FreeType are not vulnerable) when attempting to parse font subglyph structures related to TrueType GX and variable font files. The vulnerable code assigns a signed short value to an unsigned long and then adds a static value causing it to wrap around and allocate too small of a heap buffer. The code then writes up to 6 signed long integers out of bounds relative to this buffer. This may result in arbitrary code execution. This vulnerability may have been exploited in the wild.
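As an added illustration, not FreeType's code and not part of this advisory, the C program below models the size computation the description above attributes to the vulnerable parser (signed short converted to unsigned long, then a fixed value added with no range check) next to a hardened version that fails closed on the malformed input. The constant `FIXED_OVERHEAD`, the function names and the sample counts are assumptions chosen for the example; FreeType's actual structure layout and constants are not reproduced here.

```c
#include <limits.h>
#include <stdio.h>

/* Hypothetical fixed number of bytes added to the element count before
 * allocation. Not FreeType's value; chosen only for this illustration. */
#define FIXED_OVERHEAD 32UL

/* Size computation modelled on the advisory text: a signed 16-bit count
 * from the font is assigned to an unsigned long and a constant is added.
 * A negative count converts to a value near ULONG_MAX, and the addition
 * then wraps back to a tiny size, so the heap buffer ends up far smaller
 * than the writes that follow assume. */
unsigned long unchecked_alloc_size(short count)
{
    unsigned long n = (unsigned long)count;  /* -24 becomes ULONG_MAX - 23 */
    return n + FIXED_OVERHEAD;               /* ULONG_MAX - 23 + 32 wraps to 8 */
}

/* Hardened variant: validate the count before any arithmetic on it.
 * Returns the buffer size, or 0 (never a valid size here) when the input
 * must be rejected. The overflow test cannot trigger for a short, but is
 * kept so the check stays correct if the count type is ever widened. */
unsigned long safe_alloc_size(short count)
{
    if (count < 0)
        return 0;                            /* negative counts are malformed input */
    unsigned long n = (unsigned long)count;  /* now known to be in [0, 32767] */
    if (n > ULONG_MAX - FIXED_OVERHEAD)
        return 0;                            /* addition would wrap */
    return n + FIXED_OVERHEAD;
}

int main(void)
{
    /* Constructed sample counts: two well-formed, two negative as a
     * malformed font could supply. */
    short samples[] = { 10, 0, -1, -24 };
    for (unsigned i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        short c = samples[i];
        unsigned long bad = unchecked_alloc_size(c);
        unsigned long good = safe_alloc_size(c);
        if (good == 0)
            printf("count %6d: unchecked size %lu, hardened path rejects input\n", c, bad);
        else
            printf("count %6d: unchecked size %lu, hardened size %lu\n", c, bad, good);
    }
    return 0;
}
```

The fix the hardened path models is a range check before the conversion rather than after it: once the negative value has become an unsigned long, a later comparison against the expected size no longer sees anything unusual, which is why the check belongs at the point where the untrusted count is still signed.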

NVD

Known Exploited Vulnerability

This FreeType Out-of-Bounds Write Vulnerability is part of CISA's list of Known Exploited Vulnerabilities. FreeType contains an out-of-bounds write vulnerability when attempting to parse font subglyph structures related to TrueType GX and variable font files that may allow for arbitrary code execution.

The following remediation steps are recommended / required by May 27, 2025: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Weakness Type

What is a Memory Corruption Vulnerability?

The software writes data past the end, or before the beginning, of the intended buffer. Typically, this can result in corruption of data, a crash, or code execution. The software may modify an index or perform pointer arithmetic that references a memory location that is outside of the boundaries of the buffer. A subsequent write operation then produces undefined or unexpected results.

CVE-2025-27363 has been classified as a Memory Corruption vulnerability or weakness.


Products Associated with CVE-2025-27363


Affected Versions

FreeType:

Exploit Probability

EPSS
76.15%
Percentile
98.90%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.