diff --git a/freetype-fix-cve-CVE-2025-27363.patch b/freetype-fix-cve-CVE-2025-27363.patch
new file mode 100644
index 0000000000000000000000000000000000000000..a67c5763c7729111b19ca24cd7125a3f27ea01ee
--- /dev/null
+++ b/freetype-fix-cve-CVE-2025-27363.patch
@@ -0,0 +1,49 @@
+From ba1c02cf415a589d20aefe6ef3037e38bdeb92d6 Mon Sep 17 00:00:00 2001
+From: zhuhongbo <zhuhongbo@uniontech.com>
+Date: Mon, 14 Jul 2025 14:33:55 +0800
+Subject: [PATCH] fix cve CVE-2025-27363
+
+---
+ include/freetype/internal/ftmemory.h | 7 +++----
+ src/sfnt/ttload.c                    | 3 +++
+ 2 files changed, 6 insertions(+), 4 deletions(-)
+
+diff --git a/include/freetype/internal/ftmemory.h b/include/freetype/internal/ftmemory.h
+index 59e5b58..58f5e16 100644
+--- a/include/freetype/internal/ftmemory.h
++++ b/include/freetype/internal/ftmemory.h
+@@ -336,14 +336,13 @@ extern "C++"
+ #define FT_RENEW_ARRAY( ptr, curcnt, newcnt )                           \
+           FT_MEM_SET_ERROR( FT_MEM_RENEW_ARRAY( ptr, curcnt, newcnt ) )
+ 
+-#define FT_QNEW( ptr )                           \
+-          FT_MEM_SET_ERROR( FT_MEM_QNEW( ptr ) )
++#define FT_QNEW( ptr ) FT_MEM_SET_ERROR( FT_MEM_QNEW( ptr ) )
+ 
+ #define FT_QNEW_ARRAY( ptr, count )                          \
+-          FT_MEM_SET_ERROR( FT_MEM_NEW_ARRAY( ptr, count ) )
++          FT_MEM_SET_ERROR( FT_MEM_QNEW_ARRAY( ptr, count ) )
+ 
+ #define FT_QRENEW_ARRAY( ptr, curcnt, newcnt )                          \
+-          FT_MEM_SET_ERROR( FT_MEM_RENEW_ARRAY( ptr, curcnt, newcnt ) )
++          FT_MEM_SET_ERROR( FT_MEM_QRENEW_ARRAY( ptr, curcnt, newcnt ) )
+ 
+ 
+   FT_BASE( FT_Pointer )
+diff --git a/src/sfnt/ttload.c b/src/sfnt/ttload.c
+index f9e4a8d..bdab757 100644
+--- a/src/sfnt/ttload.c
++++ b/src/sfnt/ttload.c
+@@ -960,6 +960,9 @@
+           }
+         }
+ 
++        /* mark the string as not yet converted */
++        entry->string = NULL;
++
+         entry++;
+       }
+ 
+-- 
+2.39.3
+
diff --git a/freetype.spec b/freetype.spec
index 444c1a159364d5d19b35eb7feeb1acfe0fad9815..d0aef2c5b59ff3502e5d1c02bbe4a9ec8f8323c2 100644
--- a/freetype.spec
+++ b/freetype.spec
@@ -7,7 +7,7 @@
 Summary: A free and portable font rendering engine
 Name: freetype
 Version: 2.8
-Release: 14%{?dist}.1
+Release: 15%{?dist}.1
 License: (FTL or GPLv2+) and BSD and MIT and Public Domain and zlib with acknowledgement
 Group: System Environment/Libraries
 URL: http://www.freetype.org
@@ -53,6 +53,7 @@ Patch13:  freetype-2.8-bw-hinting.patch
 # https://bugzilla.redhat.com/show_bug.cgi?id=1890210
 Patch14:  freetype-2.8-png-bitmap-size.patch
 Patch15:  freetype-2.8-png-memory-leak.patch
+Patch16:  freetype-fix-cve-CVE-2025-27363.patch
 
 BuildRequires: libX11-devel
 BuildRequires: libpng-devel
@@ -125,6 +126,7 @@ popd
 %patch13 -p1 -b .bw-hinting
 %patch14 -p1 -b .png-bitmap-size
 %patch15 -p1 -b .png-memory-leak
+%patch16 -p1 -b .cve-CVE-2025-27363
 
 %build
 
@@ -240,6 +242,9 @@ rm -f $RPM_BUILD_ROOT%{_libdir}/*.{a,la}
 %{_mandir}/man1/*
 
 %changelog
+* Mon Jul 14 2025 zhuhongbo <zhuhongbo@uniontech.com> - 2.8-15.el7_9.1
+- fix: fix cve CVE-2025-27363
+
 * Fri Oct 30 2020 Marek Kasik <mkasik@redhat.com> - 2.8-14.el7_9.1
 - Test bitmap size earlier for PNGs
 - Fix memory leak in pngshim.c