Vulnerability in FreeType library under active exploitation
Take action: If you use the FreeType library, review where your code links it and assess whether untrusted font files can reach it. Ideally, update your FreeType library; at a minimum, perform a proper risk assessment before you decide.
A vulnerability in the FreeType library, a widely used open-source font rendering engine that powers numerous applications and systems, is being actively exploited.
FreeType is a free and open-source software library used for rendering fonts onto bitmaps and supporting various font-related operations.
This vulnerability is tracked as CVE-2025-27363 (CVSS score 8.1) and exists in FreeType versions 2.13.0 and below, in the component that parses font subglyph structures related to TrueType GX and variable font files. It enables an out-of-bounds write, which can potentially lead to:
</grreplace_placeholder_do_not_emit>
- Arbitrary code execution
- Unauthorized access to vulnerable systems
- Significant security breaches
- Potential data compromise
Affected products: FreeType library 2.13.0 and below.
Users are advised to update the FreeType library to a version newer than 2.13.0.