Fluid Attacks Database

Description

arbitrary code execution

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
alpine v3.22	freetype	=2.10.0-r0 \|\| =2.10.1-r0 \|\| =2.10.2-r0 \|\| =2.10.3-r0 \|\| =2.10.4-r0 \|\| =2.10.4-r1 \|\| =2.11.0-r0 \|\| =2.11.1-r0 \|\| =2.11.1-r1 \|\| =2.12.1-r0 \|\| =2.12.1-r1 \|\| =2.13.0-r0 \|\| =2.13.0-r1 \|\| =2.13.0-r2 \|\| =2.13.0-r3 \|\| =2.13.0-r4 \|\| =2.13.0-r5 \|\| =2.13.0-r6 \|\| =2.3.12-r0 \|\| =2.3.8-r0 \|\| =2.3.8-r1 \|\| =2.4.0-r0 \|\| =2.4.1-r0 \|\| =2.4.10-r0 \|\| =2.4.11-r0 \|\| =2.4.12-r0 \|\| =2.4.2-r0 \|\| =2.4.3-r0 \|\| =2.4.4-r0 \|\| =2.4.4-r1 \|\| =2.4.4-r2 \|\| =2.4.4-r3 \|\| =2.4.5-r0 \|\| =2.4.5-r1 \|\| =2.4.6-r0 \|\| =2.4.7-r0 \|\| =2.4.8-r0 \|\| =2.4.9-r0 \|\| =2.5.0.1-r0 \|\| =2.5.0.1-r1 \|\| =2.5.1-r0 \|\| =2.5.1-r1 \|\| =2.5.1-r2 \|\| =2.5.2-r0 \|\| =2.5.2-r1 \|\| =2.5.3-r0 \|\| =2.5.4-r0 \|\| =2.5.5-r0 \|\| =2.6-r0 \|\| =2.6-r1 \|\| =2.6-r2 \|\| =2.6-r3 \|\| =2.6-r4 \|\| =2.6.2-r0 \|\| =2.6.3-r0 \|\| =2.7-r0 \|\| =2.7.1-r0 \|\| =2.7.1-r1 \|\| =2.8-r0 \|\| =2.8-r1 \|\| =2.8-r2 \|\| =2.8-r3 \|\| =2.8.1-r0 \|\| =2.8.1-r1 \|\| =2.8.1-r2 \|\| =2.8.1-r3 \|\| =2.9-r0 \|\| =2.9-r1 \|\| =2.9.1-r0 \|\| =2.9.1-r1 \|\| =2.9.1-r2 \|\| >=0 <2.13.1-r0	2.13.1-r0
debian 13	freetype	>=0 <2.13.1+dfsg-1	2.13.1+dfsg-1
debian 11	freetype	=2.10.4+dfsg-1 \|\| =2.10.4+dfsg-1+deb11u1 \|\| >=0 <2.10.4+dfsg-1+deb11u2	2.10.4+dfsg-1+deb11u2
debian 12	freetype	=2.12.1+dfsg-5 \|\| =2.12.1+dfsg-5+deb12u1 \|\| =2.12.1+dfsg-5+deb12u2 \|\| =2.12.1+dfsg-5+deb12u3 \|\| >=0 <2.12.1+dfsg-5+deb12u4	2.12.1+dfsg-5+deb12u4
debian 14	freetype	>=0 <2.13.1+dfsg-1	2.13.1+dfsg-1
alpine v3.23	freetype	=2.10.0-r0 \|\| =2.10.1-r0 \|\| =2.10.2-r0 \|\| =2.10.3-r0 \|\| =2.10.4-r0 \|\| =2.10.4-r1 \|\| =2.11.0-r0 \|\| =2.11.1-r0 \|\| =2.11.1-r1 \|\| =2.12.1-r0 \|\| =2.12.1-r1 \|\| =2.13.0-r0 \|\| =2.13.0-r1 \|\| =2.13.0-r2 \|\| =2.13.0-r3 \|\| =2.13.0-r4 \|\| =2.13.0-r5 \|\| =2.13.0-r6 \|\| =2.3.12-r0 \|\| =2.3.8-r0 \|\| =2.3.8-r1 \|\| =2.4.0-r0 \|\| =2.4.1-r0 \|\| =2.4.10-r0 \|\| =2.4.11-r0 \|\| =2.4.12-r0 \|\| =2.4.2-r0 \|\| =2.4.3-r0 \|\| =2.4.4-r0 \|\| =2.4.4-r1 \|\| =2.4.4-r2 \|\| =2.4.4-r3 \|\| =2.4.5-r0 \|\| =2.4.5-r1 \|\| =2.4.6-r0 \|\| =2.4.7-r0 \|\| =2.4.8-r0 \|\| =2.4.9-r0 \|\| =2.5.0.1-r0 \|\| =2.5.0.1-r1 \|\| =2.5.1-r0 \|\| =2.5.1-r1 \|\| =2.5.1-r2 \|\| =2.5.2-r0 \|\| =2.5.2-r1 \|\| =2.5.3-r0 \|\| =2.5.4-r0 \|\| =2.5.5-r0 \|\| =2.6-r0 \|\| =2.6-r1 \|\| =2.6-r2 \|\| =2.6-r3 \|\| =2.6-r4 \|\| =2.6.2-r0 \|\| =2.6.3-r0 \|\| =2.7-r0 \|\| =2.7.1-r0 \|\| =2.7.1-r1 \|\| =2.8-r0 \|\| =2.8-r1 \|\| =2.8-r2 \|\| =2.8-r3 \|\| =2.8.1-r0 \|\| =2.8.1-r1 \|\| =2.8.1-r2 \|\| =2.8.1-r3 \|\| =2.9-r0 \|\| =2.9-r1 \|\| =2.9.1-r0 \|\| =2.9.1-r1 \|\| =2.9.1-r2 \|\| >=0 <2.13.1-r0	2.13.1-r0
rpm rhel9.4	freetype	<0:2.10.4-10.el9_4	0:2.10.4-10.el9_4
rpm rhel8.8	spice-client-win	<0:8.8-5.el8_8	0:8.8-5.el8_8
rpm rhel9.2	freetype	<0:2.10.4-10.el9_2	0:2.10.4-10.el9_2
rpm rhel8	freetype	<0:2.9.1-10.el8_10	0:2.9.1-10.el8_10

1-10 of 17

Aliases

1. CVE-2025-273632. NVD-2025-273633. OSV-ALPINE-2025-273634. OSV-2025-273635. OSV-DEBIAN-2025-273636. SECURITY-CVE-2025-273637. SECURITY-TRACKER-CVE-2025-27363

References

1. https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-273632. https://github.com/zhuowei/CVE-2025-27363-proof-of-concept

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.