Meta Warns of Exploited FreeType Vulnerability Affecting Multiple Linux Distributions
Meta has issued a security alert regarding a high-severity vulnerability in the FreeType open-source font rendering library, warning that it may have been actively exploited.

Critical FreeType Flaw (CVE-2025-27363)
The vulnerability, tracked as CVE-2025-27363, has been assigned a CVSS score of 8.1, indicating a serious security risk. The flaw is an out-of-bounds write issue that could enable remote code execution (RCE) when processing maliciously crafted font files.
According to Meta's advisory, the issue arises when parsing TrueType GX and variable font files, due to an incorrect memory allocation caused by a type mismatch:
- A signed short value is assigned to an unsigned long, so the heap buffer is allocated with the wrong size.
- The parsing code then writes past the end of that undersized buffer, which could let an attacker execute arbitrary code on the target system.
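The following C program is an added illustration of the allocation-size mistake the advisory describes, not FreeType's code: the record layout, the fixed "+1 entry" term that lets a sign-extended value wrap back to a small size, and the function names are assumptions. It places the weak computation beside a hardened one that keeps the raw field unsigned and bounds-checks it before allocating.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed illustration of the signed-short-to-unsigned-long mismatch the
 * advisory describes. This is not FreeType's code: the record layout, the
 * fixed "+1 entry" term and the function names are assumptions. */

#define ENTRY_BYTES   sizeof(long) /* assumed: each record is one signed long */
#define EXTRA_ENTRIES 1UL          /* assumed: fixed term added to the count   */

/* Weak pattern. The 16-bit count from the font is held in a signed short and
 * widened to an unsigned long with no range check. A negative count becomes a
 * huge value; adding the fixed term can wrap it back to a tiny size, so the
 * heap buffer ends up far smaller than the writer later assumes. */
unsigned long buggy_alloc_size(short count)
{
    unsigned long n = count;                    /* sign-extended, unchecked */
    return (n + EXTRA_ENTRIES) * ENTRY_BYTES;   /* may wrap to a small value */
}

/* Hardened pattern. Keep the raw field unsigned, bound it by what the caller
 * can reasonably hold, and check the multiplication. Returns 0 on rejection;
 * a valid size is never 0 because EXTRA_ENTRIES >= 1. */
unsigned long safe_alloc_size(uint16_t raw_count, unsigned long max_entries)
{
    unsigned long n = raw_count;                /* zero-extended, never negative */
    if (n > max_entries)
        return 0;
    unsigned long entries = n + EXTRA_ENTRIES;  /* n <= 65535, cannot wrap */
    if (entries > ULONG_MAX / ENTRY_BYTES)
        return 0;
    return entries * ENTRY_BYTES;
}

int main(void)
{
    /* Constructed 16-bit field values as they would appear in a font file. */
    const uint16_t samples[] = { 0x0010, 0x7FFF, 0x8000, 0xFFFF };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        uint16_t raw = samples[i];
        short as_signed = (short)raw;           /* how the weak code reads it */
        unsigned long ok = safe_alloc_size(raw, 4096);
        printf("field 0x%04X: buggy size %lu bytes, hardened: ",
               raw, buggy_alloc_size(as_signed));
        if (ok) printf("%lu bytes\n", ok); else printf("rejected\n");
    }
    return 0;
}
```

For the field 0xFFFF the weak path yields a zero-byte allocation while the hardened path rejects the count outright; for 0x8000 the weak path produces an absurdly large size that an allocator would refuse, which is why only some malformed counts lead to an undersized buffer rather than a clean failure.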
Active Exploitation & Widespread Impact
Meta has not disclosed specific details about the attacks, who is responsible, or the scale of exploitation, but has confirmed that the flaw may have been exploited in the wild.
Security researcher Werner Lemberg noted that a fix has been available for nearly two years, with FreeType versions 2.13.1 and above no longer affected. However, many popular Linux distributions are still running outdated FreeType versions, leaving them vulnerable:
- AlmaLinux
- Alpine Linux
- Amazon Linux 2
- Debian stable / Devuan
- RHEL / CentOS Stream / Alma Linux 8 and 9
- GNU Guix
- Mageia
- OpenMandriva
- openSUSE Leap
- Slackware
- Ubuntu 22.04
Recommended Actions
Users and administrators are urged to update FreeType to version 2.13.3 as soon as possible to mitigate the risk of exploitation. Given the active nature of this threat, keeping Linux distributions up to date is critical to prevent potential security breaches.