Critical FreeType Vulnerability Exploited in Attacks: Urgent Update Required

Facebook disclosed a high-severity FreeType vulnerability (CVE-2025-27363, CVSS 8.1) that can lead to arbitrary code execution. All releases up to and including 2.13.0 are affected; the fix shipped in 2.13.1, and updating to the current 2.13.3 is strongly advised.

    Facebook issued a warning about a critical vulnerability affecting the widely used FreeType font rendering library. The vulnerability, tracked as CVE-2025-27363 and assigned a CVSS v3 score of 8.1 (“high”), allows for arbitrary code execution.

    Facebook’s bulletin states that the flaw may have been exploited in the wild. This highlights the importance of keeping software updated and the potential impact of vulnerabilities on enterprise systems. For more on critical vulnerabilities, see our recent article on Critical PHP RCE vulnerability mass exploited in new attacks.

    FreeType is an open-source library used to render text in various applications and systems, including Linux, Android, game engines, GUI frameworks, and online platforms. Its widespread adoption means a vulnerability like this poses a significant risk to a large number of systems. This vulnerability is a prime example of why regular security patching is essential for enterprise security.

    The vulnerability affects all FreeType releases up to and including 2.13.0. It is a heap-based out-of-bounds write triggered while parsing specific font structures.

    “An out of bounds write exists in FreeType versions 2.13.0 and below when attempting to parse font subglyph structures related to TrueType GX and variable font files,” the bulletin states.

    “The vulnerable code assigns a signed short value to an unsigned long and then adds a static value causing it to wrap around and allocate too small of a heap buffer. The code then writes up to 6 signed long integers out of bounds relative to this buffer. This may result in arbitrary code execution.”
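The wrap the bulletin describes, shown as a constructed model added here (it is not FreeType's code; the real structure names, field widths and constants are not on this page): a signed 16-bit count read from a font table is widened to unsigned long, a hypothetical fixed overhead of six slots is added, and the wrapped sum sizes a buffer of longs that the parser then fills. The hardened parser beside it rejects the negative count before widening and checks the size arithmetic. EXTRA_SLOTS, the table layout and the two sample tables are assumptions made for the illustration.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed model of the bug class in the bulletin, not FreeType's code:
 * a signed 16-bit count read from a font table is widened to unsigned long,
 * a fixed number of extra slots is added, and the sum sizes a heap buffer of
 * longs that the parser then fills. EXTRA_SLOTS is a hypothetical constant. */
#define EXTRA_SLOTS 6UL

/* Font tables store counts big-endian; read one as a signed 16-bit value. */
static short read_be_int16(const unsigned char *p)
{
    return (short)(uint16_t)(((uint16_t)p[0] << 8) | p[1]);
}

/* Vulnerable size computation: a negative short sign-extends to a value near
 * ULONG_MAX, and adding EXTRA_SLOTS wraps it around to a tiny slot count. */
unsigned long unsafe_slot_count(short count)
{
    unsigned long slots = (unsigned long)count;   /* -1 -> ULONG_MAX */
    slots += EXTRA_SLOTS;                          /* ULONG_MAX + 6 -> 5 */
    return slots;
}

/* Longs the vulnerable writer would place past the end of a buffer sized by
 * unsafe_slot_count(): it always emits EXTRA_SLOTS header longs, then one
 * long per entry (a negative count loops zero times). Returns -1 when the
 * wrapped size is so large that malloc() would fail, so nothing is written.
 * Only counts -6..-1 produce a short buffer that is then overrun. */
long unsafe_oob_longs(short count)
{
    unsigned long slots = unsafe_slot_count(count);
    if (slots > SIZE_MAX / sizeof(long))
        return -1;
    unsigned long writes = EXTRA_SLOTS + (count > 0 ? (unsigned long)count : 0UL);
    return writes > slots ? (long)(writes - slots) : 0;
}

/* Hardened parser: reject a negative count before it is widened, bound the
 * payload, check the size multiplication, and fail instead of returning a
 * buffer shorter than what will be written into it.
 * Table layout (assumed): int16 count, then count big-endian int16 entries. */
int safe_parse_entries(const unsigned char *table, size_t table_len,
                       long **out, size_t *out_slots)
{
    *out = NULL;
    *out_slots = 0;
    if (table_len < 2)
        return -1;
    short count = read_be_int16(table);
    if (count < 0)
        return -1;                                 /* the root cause, caught here */
    size_t n = (size_t)count;
    if ((table_len - 2) / 2 < n)
        return -1;                                 /* payload too short for n entries */
    size_t slots = EXTRA_SLOTS + n;
    if (slots > SIZE_MAX / sizeof(long))
        return -1;
    long *buf = calloc(slots, sizeof(long));       /* header slots stay zero */
    if (!buf)
        return -1;
    for (size_t i = 0; i < n; i++)
        buf[EXTRA_SLOTS + i] = read_be_int16(table + 2 + 2 * i);
    *out = buf;
    *out_slots = slots;
    return 0;
}

/* Constructed sample tables: a count of -1, and a count of 2 with entries 5 and -2. */
static const unsigned char NEGATIVE_COUNT_TABLE[] = { 0xFF, 0xFF };
static const unsigned char TWO_ENTRY_TABLE[] = { 0x00, 0x02, 0x00, 0x05, 0xFF, 0xFE };

/* Parse a table and return the value in the given slot, or LONG_MIN on failure. */
long parsed_slot(const unsigned char *table, size_t table_len, size_t slot)
{
    long *buf;
    size_t slots;
    long value = LONG_MIN;
    if (safe_parse_entries(table, table_len, &buf, &slots) == 0) {
        if (slot < slots)
            value = buf[slot];
        free(buf);
    }
    return value;
}

int main(void)
{
    for (short c = -7; c <= 1; c++)
        printf("count %2d: wrapped slots %lu, longs out of bounds %ld\n",
               c, unsafe_slot_count(c), unsafe_oob_longs(c));
    printf("hardened parser, count -1: %s\n",
           parsed_slot(NEGATIVE_COUNT_TABLE, sizeof NEGATIVE_COUNT_TABLE, 0) == LONG_MIN
               ? "rejected" : "accepted");
    printf("hardened parser, count 2: slot 6 = %ld, slot 7 = %ld\n",
           parsed_slot(TWO_ENTRY_TABLE, sizeof TWO_ENTRY_TABLE, 6),
           parsed_slot(TWO_ENTRY_TABLE, sizeof TWO_ENTRY_TABLE, 7));
    return 0;
}
```

The model reproduces the "up to 6" figure from the bulletin: a count of -1 wraps to five slots and overruns by one long, a count of -6 wraps to zero slots and overruns by all six header longs, and anything more negative produces an allocation so large it fails rather than overflows. The hardened version never lets a negative count reach the unsigned arithmetic, which is the check that matters; the size-multiplication guard is there so the same code stays correct if the count type is ever widened.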

    This vulnerability allows attackers to execute arbitrary code on affected systems, giving them significant control. The potential consequences range from data breaches and system compromise to complete control of the affected machine.

    The fix was committed to FreeType in February 2023 and shipped in release 2.13.1, so every release from 2.13.1 onward is not affected. Older versions nevertheless remain in wide use, both as system libraries that were never upgraded and as copies bundled statically into applications, leaving those systems exposed.

    “We report security bugs in open source software when we find them because it strengthens online security for everyone,” Facebook said.

    “We think users expect us to keep working on ways to improve security. We remain vigilant and committed to protecting people’s private communications.”

    The company did not specify whether the attacks it observed targeted its own systems or other platforms. Given the widespread use of FreeType, every organization that ships or depends on the library should update to the latest version, 2.13.3, as quickly as possible. Two practical caveats: distribution packages sometimes backport the fix without changing the version number, so check the package changelog rather than the version string alone, and copies vendored into game engines, Android apps and statically linked binaries will not be covered by a system package update and must be tracked down separately. This matters all the more because older library versions tend to persist in systems for extended periods.
