An out of bounds write exists in FreeType versions 2.13.0 and below (newer versions of FreeType are not vulnerable) when attempting to parse font subglyph structures related to TrueType GX and variable font files. The vulnerable code assigns a signed short value to an unsigned long and then adds a static value causing it to wrap around and allocate too small of a heap buffer. The code then writes up to 6 signed long integers out of bounds relative to this buffer. This may result in arbitrary code execution. This vulnerability may have been exploited in the wild.

vendor_unpatched cve-2025-27363: Unpatched CVEs for Debian Linux (cve-2025-27363)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-3395 advisory.

    [2.8-14.0.1.el7_9.1]
    - Fix CVE-2025-27363 Out-of-bounds Write [Orabug: 37770275][CVE-2025-27363]

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

An update of the freetype2 package has been released.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:3387 advisory.

    FreeType is a free, high-quality, portable font engine that can open and manage font files. FreeType     loads, hints, and renders individual glyphs efficiently.

    Security Fix(es):

    * freetype: OOB write when attempting to parse font subglyph structures related to TrueType GX and     variable font files (CVE-2025-27363)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:3384 advisory.

    FreeType is a free, high-quality, portable font engine that can open and manage font files. FreeType     loads, hints, and renders individual glyphs efficiently.

    Security Fix(es):

    * freetype: OOB write when attempting to parse font subglyph structures related to TrueType GX and     variable font files (CVE-2025-27363)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:3382 advisory.

    FreeType is a free, high-quality, portable font engine that can open and manage font files. FreeType     loads, hints, and renders individual glyphs efficiently.

    Security Fix(es):

    * freetype: OOB write when attempting to parse font subglyph structures related to TrueType GX and     variable font files (CVE-2025-27363)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:3386 advisory.

    FreeType is a free, high-quality, portable font engine that can open and manage font files. FreeType     loads, hints, and renders individual glyphs efficiently.

    Security Fix(es):

    * freetype: OOB write when attempting to parse font subglyph structures related to TrueType GX and     variable font files (CVE-2025-27363)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:3385 advisory.

    FreeType is a free, high-quality, portable font engine that can open and manage font files. FreeType     loads, hints, and renders individual glyphs efficiently.

    Security Fix(es):

    * freetype: OOB write when attempting to parse font subglyph structures related to TrueType GX and     variable font files (CVE-2025-27363)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:3393 advisory.

    FreeType is a free, high-quality, portable font engine that can open and manage font files. FreeType     loads, hints, and renders individual glyphs efficiently.

    Security Fix(es):

    * freetype: OOB write when attempting to parse font subglyph structures related to TrueType GX and     variable font files (CVE-2025-27363)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:3383 advisory.

    FreeType is a free, high-quality, portable font engine that can open and manage font files. FreeType     loads, hints, and renders individual glyphs efficiently.

    Security Fix(es):

    * freetype: OOB write when attempting to parse font subglyph structures related to TrueType GX and     variable font files (CVE-2025-27363)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:3395 advisory.

    FreeType is a free, high-quality, portable font engine that can open and manage font files. FreeType     loads, hints, and renders individual glyphs efficiently.

    Security Fix(es):

    * freetype: OOB write when attempting to parse font subglyph structures related to TrueType GX and     variable font files (CVE-2025-27363)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:3407 advisory.

    FreeType is a free, high-quality, portable font engine that can open and manage font files. FreeType     loads, hints, and renders individual glyphs efficiently.

    Security Fix(es):

    * freetype: OOB write when attempting to parse font subglyph structures related to TrueType GX and     variable font files (CVE-2025-27363)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of freetype installed on the remote host is prior to 2.8-14. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2806 advisory.

    FreeType 2.8.1 has a signed integer overflow in cf2_doFlex in cff/cf2intrp.c. (CVE-2025-23022)

    An out of bounds write exists in FreeType versions 2.13.0 and below when attempting to parse font subglyph     structures related to TrueType GX and variable font files. The vulnerable code assigns a signed short     value to an unsigned long and then adds a static value causing it to wrap around and allocate too small of     a heap buffer. The code then writes up to 6 signed long integers out of bounds relative to this buffer.
    This may result in arbitrary code execution. This vulnerability may have been exploited in the wild.
    (CVE-2025-27363)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:3421 advisory.

    FreeType is a free, high-quality, portable font engine that can open and manage font files. FreeType     loads, hints, and renders individual glyphs efficiently.

    Security Fix(es):

    * freetype: OOB write when attempting to parse font subglyph structures related to TrueType GX and     variable font files (CVE-2025-27363)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2025:3421 advisory.

    * freetype: OOB write when attempting to parse font subglyph structures related to TrueType GX and     variable font files (CVE-2025-27363)

Tenable has extracted the preceding description block directly from the AlmaLinux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-3407 advisory.

    - Fix for CVE-2025-27363 out-of-bound write vulnerability

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-3421 advisory.

    - Fix CVE-2025-27363 Out-of-bounds Write

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4104 advisory.

    - -------------------------------------------------------------------------     Debian LTS Advisory DLA-4104-1                debian-lts@lists.debian.org     https://www.debian.org/lts/security/                          Adrian Bunk     April 01, 2025                                https://wiki.debian.org/LTS
    - -------------------------------------------------------------------------

    Package        : freetype     Version        : 2.10.4+dfsg-1+deb11u2     CVE ID         : CVE-2025-27363

    An out of bounds write with subglyph structures has been fixed in     the font rendering library FreeType.

    For Debian 11 bullseye, this problem has been fixed in version     2.10.4+dfsg-1+deb11u2.

    We recommend that you upgrade your freetype packages.

    For the detailed security status of freetype please refer to     its security tracker page at:
    https://security-tracker.debian.org/tracker/freetype

    Further information about Debian LTS security advisories, how to apply     these updates to your system and frequently asked questions can be     found at: https://wiki.debian.org/LTS

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:0998-1 advisory.

    - CVE-2025-27363: Fixed out-of-bounds write when attempting to parse font       subglyph structures related to TrueType GX and variable font files (bsc#1239465).

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of freetype installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-27363 advisory.

  - An out of bounds write exists in FreeType versions 2.13.0 and below (newer versions of FreeType are not     vulnerable) when attempting to parse font subglyph structures related to TrueType GX and variable font     files. The vulnerable code assigns a signed short value to an unsigned long and then adds a static value     causing it to wrap around and allocate too small of a heap buffer. The code then writes up to 6 signed     long integers out of bounds relative to this buffer. This May result in arbitrary code execution. This     vulnerability May have been exploited in the wild. (CVE-2025-27363)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES12 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2025:0960-1 advisory.

    - CVE-2025-27363: Fixed out-of-bounds write when attempting to parse font       subglyph structures related to TrueType GX and variable font files (bsc#1239465).

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Ubuntu 20.04 LTS / 22.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-7352-1 advisory.

    It was discovered that FreeType incorrectly handled certain memory operations when parsing font subglyph     structures. A remote attacker could use this issue to cause FreeType to crash, resulting in a denial of     service, or possibly execute arbitrary code.

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Debian 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5880 advisory.

    - -------------------------------------------------------------------------     Debian Security Advisory DSA-5880-1                   security@debian.org     https://www.debian.org/security/                     Salvatore Bonaccorso     March 17, 2025                        https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package        : freetype     CVE ID         : CVE-2025-27363

    An out-of-bounds write vulnerability when attempting to parse font     subglyph structures related to TrueType GX and variable font files was     discovered in FreeType, which may result in the execution of arbitrary     code when processing specially crafted fonts.

    For the stable distribution (bookworm), this problem has been fixed in     version 2.12.1+dfsg-5+deb12u4.

    We recommend that you upgrade your freetype packages.

    For the detailed security status of freetype please refer to its     security tracker page at:
    https://security-tracker.debian.org/tracker/freetype

    Further information about Debian Security Advisories, how to apply     these updates to your system and frequently asked questions can be     found at: https://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
234317	Oracle Linux 7 : freetype (ELSA-2025-3395)	Nessus	Oracle Linux Local Security Checks	high
234312	Photon OS 5.0: Freetype2 PHSA-2025-5.0-0499	Nessus	PhotonOS Local Security Checks	high
233928	RHEL 9 : freetype (RHSA-2025:3387)	Nessus	Red Hat Local Security Checks	high
233926	RHEL 9 : freetype (RHSA-2025:3384)	Nessus	Red Hat Local Security Checks	high
233921	RHEL 8 : freetype (RHSA-2025:3382)	Nessus	Red Hat Local Security Checks	high
233920	RHEL 8 : freetype (RHSA-2025:3386)	Nessus	Red Hat Local Security Checks	high
233914	RHEL 8 : freetype (RHSA-2025:3385)	Nessus	Red Hat Local Security Checks	high
233912	RHEL 8 : freetype (RHSA-2025:3393)	Nessus	Red Hat Local Security Checks	high
233907	RHEL 9 : freetype (RHSA-2025:3383)	Nessus	Red Hat Local Security Checks	high
233903	RHEL 7 : freetype (RHSA-2025:3395)	Nessus	Red Hat Local Security Checks	high
233901	RHEL 9 : freetype (RHSA-2025:3407)	Nessus	Red Hat Local Security Checks	high
233690	Amazon Linux 2 : freetype (ALAS-2025-2806)	Nessus	Amazon Linux Local Security Checks	medium
233678	RHEL 8 : freetype (RHSA-2025:3421)	Nessus	Red Hat Local Security Checks	high
233665	AlmaLinux 8 : freetype (ALSA-2025:3421)	Nessus	Alma Linux Local Security Checks	high
233655	Oracle Linux 9 : freetype (ELSA-2025-3407)	Nessus	Oracle Linux Local Security Checks	high
233654	Oracle Linux 8 : freetype (ELSA-2025-3421)	Nessus	Oracle Linux Local Security Checks	high
233597	Debian dla-4104 : freetype2-demos - security update	Nessus	Debian Local Security Checks	high
233350	SUSE SLED15 / SLES15 / openSUSE 15 Security Update : freetype2 (SUSE-SU-2025:0998-1)	Nessus	SuSE Local Security Checks	high
233117	CBL Mariner 2.0 Security Update: freetype (CVE-2025-27363)	Nessus	MarinerOS Local Security Checks	high
233030	SUSE SLES12 Security Update : freetype2 (SUSE-SU-2025:0960-1)	Nessus	SuSE Local Security Checks	high
232846	Ubuntu 20.04 LTS / 22.04 LTS : FreeType vulnerability (USN-7352-1)	Nessus	Ubuntu Local Security Checks	high
232845	Debian dsa-5880 : freetype2-demos - security update	Nessus	Debian Local Security Checks	high

Detections

Analytics

CVE-2025-27363

high

Tenable Plugins

Coming Soon

high

high

high

high

high

high

high

high

high

high

high

medium

high

high

high

high

high

high

high

high

high

high