The FreeType font rendering library is vulnerable! CVE-2025-27363, which boasts a CVSS score of 8.1, could result in a developer’s worst nightmare: arbitrary code execution by a remote, unauthenticated attacker. The vendor has acknowledged that this out-of-bounds write flaw may have been actively exploited.
What is FreeType?
Before you read about FreeType, take a look at this list:
- GNU/Linux
- Unix operating system derivatives like FreeBSD or NetBSD
- Android, Tizen, and Roku
- iOS
- ChromeOS
- ReactOS
- Ghostscript, used in many printers
- Web browser engines like Chromium, WebKit, Gecko, and Goanna
Even if you don’t recognize FreeType, you probably recognize some names on this list. There’s a good chance you own devices that run some of them.
That list was taken directly from FreeType's website, and every technology on it uses FreeType.
FreeType is an open-source font rendering library written in C. It renders high-quality fonts for a wide array of products used in over a billion devices, many of which might be impacted by this vulnerability.
What is this vulnerability?
There are (so far) no details on how the flaw can be exploited, but here’s what we do know:
CVE-2025-27363 is triggered when FreeType parses font subglyph structures associated with TrueType GX and variable font files. The vulnerable code assigns a signed short value to an unsigned long (a much wider type) and then adds a static value; the addition can wrap the result around to a very small number, so the code allocates a much smaller heap buffer than it actually needs.
The long and short of it is this: the code then writes up to 6 signed long integers beyond the end of that undersized buffer, an out-of-bounds write that an attacker can use to execute arbitrary code.
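To make the arithmetic concrete, here is an added example written for this post; it is not FreeType's code, and the `EXTRA_ENTRIES` addend, function names and the element type are hypothetical stand-ins for the "static value" and buffer the advisory describes. It shows how a signed 16-bit count from a font file, once converted to `unsigned long` and summed with a constant, wraps to a tiny allocation size, and contrasts that with a sizing routine that validates the count while it is still signed and checks every step for overflow.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical addend standing in for the "static value" in the advisory;
   FreeType's real constant and table layout are not given on the page. */
#define EXTRA_ENTRIES 4UL

/* Unsafe pattern: a signed 16-bit count read from the font is stored in an
   unsigned long and a constant is added before the allocation is sized.
   A negative count such as -1 converts to ULONG_MAX, so ULONG_MAX + 4 wraps
   around to 3, and the buffer ends up far smaller than the writes that follow. */
unsigned long unsafe_entry_count(short count_from_file)
{
    unsigned long n = count_from_file;   /* implicit conversion, no range check */
    return n + EXTRA_ENTRIES;            /* may wrap around */
}

/* Hardened sizing: reject negative counts before any conversion, then add and
   multiply only after proving the result cannot wrap. Returns 0 on rejection
   (0 can never be a valid result because EXTRA_ENTRIES > 0), so a caller that
   sees 0 must treat the font as malformed instead of allocating. */
unsigned long safe_entry_count(short count_from_file, size_t elem_size)
{
    if (count_from_file < 0)
        return 0;                                   /* negative count is never valid */

    unsigned long n = (unsigned long)count_from_file; /* now in [0, SHRT_MAX] */
    if (n > ULONG_MAX - EXTRA_ENTRIES)
        return 0;                                   /* addition would wrap */
    n += EXTRA_ENTRIES;
    if (elem_size == 0 || n > SIZE_MAX / elem_size)
        return 0;                                   /* byte size would wrap */
    return n;
}

/* Demonstration: size a buffer of longs with both rules for a constructed
   malicious count of -1 (sample value, not real font data). */
int main(void)
{
    short evil_count = -1;

    unsigned long bad = unsafe_entry_count(evil_count);
    printf("unsafe sizing: count %d -> %lu elements allocated (6 will be written)\n",
           evil_count, bad);

    unsigned long good = safe_entry_count(evil_count, sizeof(long));
    printf("safe sizing:   count %d -> %s\n",
           evil_count, good == 0 ? "rejected as malformed" : "accepted");

    long *buf = good ? calloc(good, sizeof(long)) : NULL;   /* only when validated */
    free(buf);
    return 0;
}
```

On a 64-bit Linux build the unsafe routine reports 3 elements for a count of -1 while the parser goes on to write 6, which is exactly the shape of overrun described above; counts of -4 and below do not wrap to a small number but instead produce an enormous size, a different failure that the hardened routine also rejects at the sign check.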
Impact and Products Affected
FreeType versions 2.13.0 and below are affected by CVE-2025-27363. Though the vendor has stated that the flaw was patched two years ago, there are still many Linux distributions running a vulnerable version of the library, like the following:
- AlmaLinux
- Alpine Linux
- Amazon Linux 2
- Debian stable / Devuan
- RHEL / CentOS Stream / Alma Linux / etc. 8 and 9
- GNU Guix
- Mageia
- OpenMandriva
- openSUSE Leap
- Slackware
- Ubuntu 22.04
Anyone using these distributions is under threat of exploitation and should upgrade to the patched version.
Solution
Newer versions (above 2.13.0) are not vulnerable, and the vendor recommends updating FreeType instances to 2.13.3, the latest release.
Instantly Fix Risks with SanerNow Patch Management
SanerNow patch management is continuous, automated, and integrated software that instantly fixes risks exploited in the wild. It supports major operating systems like Windows, Linux, and macOS, as well as 550+ third-party applications.
It also allows you to set up a safe testing area to test patches before deploying them in a primary production environment. SanerNow patch management additionally supports a patch rollback feature in case of patch failure or a system malfunction.
Experience the fastest and most accurate patching software here.