CVE-2025-27363 · HIGH 8.1 · CISA KEV · EPSS p97.5%

CVE-2025-27363: FreeType Out-of-Bounds Write Vulnerability

FreeType / FreeType

Description

FreeType contains an out-of-bounds write vulnerability when attempting to parse font subglyph structures related to TrueType GX and variable font files that may allow for arbitrary code execution.

Scoring

CVSS 3.1: 8.1 (HIGH)
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 23.36% probability of exploitation · percentile 97.5% · 2026-06-18T12:00:27Z
Published: 2025-03-11
Last modified: 2026-04-20

CISA KEV entry

Added to KEV: 2025-05-06

Underlying weaknesses · 1

CWE-787

References

  1. https://www.facebook.com/security/advisories/cve-2025-27363
  2. http://www.openwall.com/lists/oss-security/2025/03/13/1
  3. http://www.openwall.com/lists/oss-security/2025/03/13/11
  4. http://www.openwall.com/lists/oss-security/2025/03/13/12
  5. http://www.openwall.com/lists/oss-security/2025/03/13/2
  6. http://www.openwall.com/lists/oss-security/2025/03/13/3
  7. http://www.openwall.com/lists/oss-security/2025/03/13/8
  8. http://www.openwall.com/lists/oss-security/2025/03/14/1

1

Type: Weakness · Target: Out-of-bounds Write (cwe-787) · Confidence: 0% · Tier: live

(incoming) · 1

Type: KEVEntry · Target: FreeType Out-of-Bounds Write Vulnerability (kev-cve-2025-27363) · Confidence: 0% · Tier: live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE: Adobe Acrobat and Reader Out-of-Bounds Write Vulnerability
CVE: CVE-2025-27796
CVE: CVE-2025-5099
CVE: Google Chrome FreeType Heap Buffer Overflow Vulnerability
CVE: CVE-2026-0122
CVE: CVE-2026-25276

Sourced from NVD + CISA KEV + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.