Vulnerability details: VCID-yt26-14rb-hfet
Vulnerability ID VCID-yt26-14rb-hfet
Aliases CVE-2025-27363
Summary An out-of-bounds write exists in FreeType versions 2.13.0 and below (newer versions of FreeType are not vulnerable) when parsing font subglyph structures related to TrueType GX and variable font files. The vulnerable code assigns a signed short value to an unsigned long and then adds a static value, causing the result to wrap around and allocate a heap buffer that is too small. The code then writes up to 6 signed long integers out of bounds relative to this buffer. This may result in arbitrary code execution. This vulnerability may have been exploited in the wild.
Status Published
Exploitability 2.0
Weighted Severity 8.0
Risk 10.0
Weaknesses (1)
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-27363.json
https://api.first.org/data/v1/epss?cve=CVE-2025-27363
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27363
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://lists.debian.org/debian-lts-announce/2025/03/msg00030.html
https://source.android.com/docs/security/bulletin/2025-05-01
http://www.openwall.com/lists/oss-security/2025/03/13/1
http://www.openwall.com/lists/oss-security/2025/03/13/11
http://www.openwall.com/lists/oss-security/2025/03/13/12
http://www.openwall.com/lists/oss-security/2025/03/13/2
http://www.openwall.com/lists/oss-security/2025/03/13/3
http://www.openwall.com/lists/oss-security/2025/03/13/8
http://www.openwall.com/lists/oss-security/2025/03/14/1
http://www.openwall.com/lists/oss-security/2025/03/14/2
http://www.openwall.com/lists/oss-security/2025/03/14/3
http://www.openwall.com/lists/oss-security/2025/03/14/4
http://www.openwall.com/lists/oss-security/2025/05/06/3
2351357 https://bugzilla.redhat.com/show_bug.cgi?id=2351357
ASA-202505-11 https://security.archlinux.org/ASA-202505-11
AVG-2877 https://security.archlinux.org/AVG-2877
cpe:2.3:a:freetype:freetype:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:freetype:freetype:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
cve-2025-27363 https://www.facebook.com/security/advisories/cve-2025-27363
CVE-2025-27363 https://nvd.nist.gov/vuln/detail/CVE-2025-27363
RHSA-2025:3382 https://access.redhat.com/errata/RHSA-2025:3382
RHSA-2025:3383 https://access.redhat.com/errata/RHSA-2025:3383
RHSA-2025:3384 https://access.redhat.com/errata/RHSA-2025:3384
RHSA-2025:3385 https://access.redhat.com/errata/RHSA-2025:3385
RHSA-2025:3386 https://access.redhat.com/errata/RHSA-2025:3386
RHSA-2025:3387 https://access.redhat.com/errata/RHSA-2025:3387
RHSA-2025:3393 https://access.redhat.com/errata/RHSA-2025:3393
RHSA-2025:3395 https://access.redhat.com/errata/RHSA-2025:3395
RHSA-2025:3407 https://access.redhat.com/errata/RHSA-2025:3407
RHSA-2025:3421 https://access.redhat.com/errata/RHSA-2025:3421
RHSA-2025:8195 https://access.redhat.com/errata/RHSA-2025:8195
RHSA-2025:8219 https://access.redhat.com/errata/RHSA-2025:8219
RHSA-2025:8253 https://access.redhat.com/errata/RHSA-2025:8253
RHSA-2025:8292 https://access.redhat.com/errata/RHSA-2025:8292
RHSA-2025:9380 https://access.redhat.com/errata/RHSA-2025:9380
USN-7352-1 https://usn.ubuntu.com/7352-1/
USN-7352-2 https://usn.ubuntu.com/7352-2/
Data source KEV
Date added May 6, 2025
Description FreeType contains an out-of-bounds write vulnerability when attempting to parse font subglyph structures related to TrueType GX and variable font files that may allow for arbitrary code execution.
Required action Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due date May 27, 2025
Note
This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. Please check with specific vendors for information on patching status. For more information, please see: https://source.android.com/docs/security/bulletin/2025-05-01 ; https://nvd.nist.gov/vuln/detail/CVE-2025-27363
Ransomware campaign use Unknown
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-27363.json
Attack Vector (AV) Network
Attack Complexity (AC) High
Privileges Required (PR) None
User Interaction (UI) None
Scope (S) Unchanged
Confidentiality Impact (C) High
Integrity Impact (I) High
Availability Impact (A) High

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Network
Attack Complexity (AC) High
Privileges Required (PR) None
User Interaction (UI) None
Scope (S) Unchanged
Confidentiality Impact (C) High
Integrity Impact (I) High
Availability Impact (A) High

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2025-27363
Attack Vector (AV) Network
Attack Complexity (AC) High
Privileges Required (PR) None
User Interaction (UI) None
Scope (S) Unchanged
Confidentiality Impact (C) High
Integrity Impact (I) High
Availability Impact (A) High

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C/CR:H/IR:H/AR:H/MAV:N/MAC:L/MPR:N/MUI:N/MS:U/MC:H/MI:H/MA:H Found at https://www.facebook.com/security/advisories/cve-2025-27363
Attack Vector (AV) Network
Attack Complexity (AC) High
Privileges Required (PR) None
User Interaction (UI) None
Scope (S) Unchanged
Confidentiality Impact (C) High
Integrity Impact (I) High
Availability Impact (A) High
Temporal metrics: Exploit Code Maturity (E) Functional; Remediation Level (RL) Official Fix; Report Confidence (RC) Confirmed
Environmental metrics: Confidentiality, Integrity and Availability Requirements (CR/IR/AR) High; Modified Attack Vector (MAV) Network; Modified Attack Complexity (MAC) Low; Modified Privileges Required (MPR) None; Modified User Interaction (MUI) None; Modified Scope (MS) Unchanged; Modified Confidentiality, Integrity and Availability Impact (MC/MI/MA) High

Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-05-07T03:55:53Z/ Found at https://www.facebook.com/security/advisories/cve-2025-27363
Exploit Prediction Scoring System (EPSS)
Percentile 0.98397
EPSS Score 0.65211
Published At Aug. 7, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:44:39.438675+00:00 Alpine Linux Importer Import https://secdb.alpinelinux.org/v3.22/main.json 37.0.0