CVE-2025-27363

HIGH 8.1

⚠️ CISA KEV

CVSS Score

8.1

EPSS Score

63.4%

EPSS Percentile

98th

An out of bounds write exists in FreeType versions 2.13.0 and below (newer versions of FreeType are not vulnerable) when attempting to parse font subglyph structures related to TrueType GX and variable font files. The vulnerable code assigns a signed short value to an unsigned long and then adds a static value causing it to wrap around and allocate too small of a heap buffer. The code then writes up to 6 signed long integers out of bounds relative to this buffer. This may result in arbitrary code execution. This vulnerability may have been exploited in the wild.

Vendor	freetype
Product	freetype
Published	Mar 11, 2025
Last Updated	Apr 16, 2026

⚠️ Actively Exploited — Act Now

Get instant alerts for freetype freetype

This vulnerability is actively exploited in the wild. Set up free real-time alerts so you're first to know about threats like CVE-2025-27363.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C/CR:H/IR:H/AR:H/MAV:N/MAC:L/MPR:N/MUI:N/MS:U/MC:H/MI:H/MA:H

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

FreeType / FreeType

0.0.0 ≤ 2.13.0

References

NVD ↗ CVE.org ↗ EPSS Data ↗