CVE-2025-27363

HIGH
2025-03-11 [email protected]
8.1
CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

Patch Released: Mar 31, 2026 - 21:13 (nvd) [Patch available]
Analysis Generated: Mar 12, 2026 - 19:52 (vuln.today)
Added to CISA KEV: Oct 27, 2025 - 17:06 (cisa) [CISA KEV]
CVE Published: Mar 11, 2025 - 14:15 (nvd)

Description

An out-of-bounds write exists in FreeType versions 2.13.0 and below (newer versions of FreeType are not vulnerable) when attempting to parse font subglyph structures related to TrueType GX and variable font files. The vulnerable code assigns a signed short value to an unsigned long and then adds a static value, causing it to wrap around and allocate too small a heap buffer. The code then writes up to 6 signed long integers out of bounds relative to this buffer. This may result in arbitrary code execution. This vulnerability may have been exploited in the wild.

Analysis

A critical out-of-bounds write vulnerability in FreeType versions 2.13.0 and below affects font rendering across virtually all Linux distributions, Android devices, and applications embedding FreeType. The integer signedness error in TrueType GX/variable font parsing leads to a heap buffer overflow, enabling arbitrary code execution when a malicious font is processed. KEV-listed with an EPSS score of 76%, this vulnerability has been actively exploited.

Technical Context

The vulnerability occurs in FreeType's handling of subglyph structures in TrueType GX and variable font files. A signed short value is assigned to an unsigned long and combined with a static offset, causing the value to wrap around. The resulting heap buffer allocation is smaller than needed, and the subsequent write operation corrupts adjacent heap memory. The bug is triggered during font rendering, so any application that renders untrusted fonts (browsers, document viewers, image processors) is exposed.
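The following is a constructed illustration of the arithmetic pattern the advisory describes, added here as an example; it is not FreeType's code, and the constant EXTRA_SLOTS and the function names are assumptions. It shows how a negative signed short, once widened to unsigned long and offset by a constant, wraps to a tiny slot count, and how validating the value while it is still signed (plus an overflow check on the size arithmetic) closes that path.

```c
/* Constructed illustration (not FreeType's code) of the signedness bug the
 * advisory describes: a signed short from the font is stored in an unsigned
 * long, a constant is added, and the result sizes a heap buffer. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define EXTRA_SLOTS 4   /* hypothetical constant the buggy code adds */

/* Buggy pattern: the count is widened to unsigned before any sign check.
 * A negative short sign-extends to a huge value, and adding EXTRA_SLOTS
 * wraps it back to a tiny one: -3 becomes 1, -1 becomes 3. */
size_t buggy_slot_count(short count_from_font)
{
    unsigned long n = count_from_font;
    n += EXTRA_SLOTS;
    return (size_t)n;
}

/* True when storing n_writes longs would run past a buffer sized by
 * buggy_slot_count(), i.e. the out-of-bounds write condition. */
int buggy_write_overflows(short count_from_font, size_t n_writes)
{
    return n_writes > buggy_slot_count(count_from_font);
}

/* Hardened pattern: reject negative counts while the value is still signed
 * and check the size arithmetic before it reaches the allocator.
 * Returns 1 and sets *out on success, 0 when the input is rejected. */
int safe_slot_count(short count_from_font, size_t *out)
{
    if (count_from_font < 0)
        return 0;
    size_t n = (size_t)count_from_font;
    if (n > SIZE_MAX - EXTRA_SLOTS)
        return 0;
    *out = n + EXTRA_SLOTS;
    return 1;
}

int main(void)
{
    short samples[] = { 10, 0, -1, -3 };   /* constructed sample counts */
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        size_t safe = 0;
        int ok = safe_slot_count(samples[i], &safe);
        printf("count=%d buggy_slots=%zu hardened=%s (%zu)\n", samples[i],
               buggy_slot_count(samples[i]), ok ? "ok" : "rejected", safe);
    }
    return 0;
}
```

With six longs written after allocation, a count of -3 leaves a 1-slot buffer in the buggy version, while the hardened version rejects the input before any allocation happens.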

Affected Products

- FreeType 2.13.0 and earlier
- All Linux distributions shipping vulnerable FreeType
- Android devices
- Applications embedding FreeType (Chrome, Firefox, LibreOffice, etc.)

Remediation

Update FreeType to version 2.13.1 or later. For Linux distributions, apply security updates from your package manager. Android devices should apply the latest security patch level. Applications embedding FreeType statically must rebuild against the fixed version.

Priority Score

167
KEV: +50
EPSS: +76.2
CVSS: +40
POC: 0

Vendor Status


CVE-2025-27363 vulnerability details – vuln.today
