
A critical vulnerability in the widely used FreeType font rendering library has been revealed, potentially putting millions of devices at risk of remote code execution. The flaw, tracked as CVE-2025-27363, carries a high severity CVSS score of 8.1 and impacts FreeType versions 2.13.0 and below.
FreeType is a freely available software library for rendering fonts. It is designed to be small, efficient, highly customizable, and portable, while producing high-quality output (glyph images) for most vector and bitmap font formats. Its ubiquitous presence in numerous operating systems and software platforms makes this vulnerability particularly alarming.
The affected platforms include:
- Operating Systems: GNU/Linux, FreeBSD, NetBSD, ChromeOS, and ReactOS.
- Mobile Platforms: Android, Tizen, and iOS.
- Software Components: Ghostscript and browser engines such as Chromium, WebKit, Gecko, and Goanna.
The core of CVE-2025-27363 lies within the library’s handling of TrueType GX and variable font files. According to the advisory, “An out of bounds write exists in FreeType versions 2.13.0 and below when attempting to parse font subglyph structures related to TrueType GX and variable font files.”
The technical details reveal a dangerous sequence of events: “The vulnerable code assigns a signed short value to an unsigned long and then adds a static value causing it to wrap around and allocate too small of a heap buffer. The code then writes up to 6 signed long integers out of bounds relative to this buffer. This may result in arbitrary code execution.”
In simpler terms, a malicious font file could trick FreeType into writing data beyond the allocated memory, potentially allowing attackers to execute arbitrary code on the affected system. This is a severe threat, as it could enable remote attackers to take control of devices simply by enticing users to open a specially crafted document or visit a malicious webpage.
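To make the arithmetic described in the advisory concrete, the following is an added C illustration of the pattern (not FreeType's own code: the constant 4, the slot count field and the helper names are constructed). It shows how a negative 16-bit count sign-extends into an unsigned long, how adding a constant wraps it to a tiny allocation size, and how a checked version rejects the malformed count before any buffer is allocated.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Slots appended after the parsed entries (constructed value; the advisory
 * only says a "static value" is added to the count). */
#define EXTRA_SLOTS 4UL

/* Vulnerable pattern modelled on the advisory: a signed 16-bit count taken
 * from the font is assigned to an unsigned long, so -4 becomes
 * 0xFFFF...FFFC, and adding EXTRA_SLOTS wraps the result to 0. A buffer
 * sized from this value is far too small for the writes that follow. */
unsigned long vulnerable_slot_count(short count_from_font)
{
    unsigned long n = count_from_font;   /* implicit sign extension */
    return n + EXTRA_SLOTS;              /* unsigned wraparound */
}

/* Hardened version: reject negative counts before widening, and guard the
 * addition so it can never wrap. Returns false for untrustworthy input. */
bool checked_slot_count(short count_from_font, unsigned long *out)
{
    if (count_from_font < 0)
        return false;                    /* malformed count in the font */
    unsigned long n = (unsigned long)count_from_font;
    if (n > ULONG_MAX - EXTRA_SLOTS)
        return false;                    /* addition would wrap */
    *out = n + EXTRA_SLOTS;
    return true;
}

/* Allocate the table only after the count and the byte size are validated. */
long *alloc_table(short count_from_font)
{
    unsigned long slots;
    if (!checked_slot_count(count_from_font, &slots))
        return NULL;
    if (slots > SIZE_MAX / sizeof(long))
        return NULL;                     /* byte size would overflow */
    return calloc(slots, sizeof(long));
}

int main(void)
{
    short bad = -4;                      /* constructed malicious count */
    printf("vulnerable: %hd -> %lu slots\n", bad, vulnerable_slot_count(bad));
    long *t = alloc_table(bad);
    printf("hardened: %s\n", t ? "allocated" : "rejected");
    free(t);
    return 0;
}
```

The wrapped count of 0 is exactly the condition the advisory describes: the allocation succeeds, so nothing fails loudly, and the subsequent fixed-size writes land outside the buffer.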
The severity of the situation is further amplified by the advisory’s warning that “This vulnerability may have been exploited in the wild.” This means that attackers may already be actively exploiting this flaw, making immediate patching crucial.
Users and administrators are strongly advised to update their FreeType libraries to a patched version as soon as possible. Given the widespread use of FreeType, the potential impact of this vulnerability is significant, affecting a broad range of devices and software.