diff --git a/SOURCES/freetype-2.10.4-cve-2025-27363.patch b/SOURCES/freetype-2.10.4-cve-2025-27363.patch
new file mode 100644
index 0000000..616da23
--- /dev/null
+++ b/SOURCES/freetype-2.10.4-cve-2025-27363.patch
@@ -0,0 +1,168 @@
+--- a/src/truetype/ttgload.c
++++ b/src/truetype/ttgload.c
+@@ -972,7 +972,7 @@
+ 
+     if ( !IS_DEFAULT_INSTANCE( FT_FACE( loader->face ) ) )
+     {
+-      if ( FT_NEW_ARRAY( unrounded, n_points ) )
++      if ( FT_QNEW_ARRAY( unrounded, n_points ) )
+         goto Exit;
+ 
+       /* Deltas apply to the unscaled data. */
+@@ -1941,33 +1941,25 @@
+       if ( FT_IS_NAMED_INSTANCE( FT_FACE( face ) ) ||
+            FT_IS_VARIATION( FT_FACE( face ) )      )
+       {
+-        short        i, limit;
++        FT_UShort    i, limit;
+         FT_SubGlyph  subglyph;
+ 
+-        FT_Outline  outline;
+-        FT_Vector*  points    = NULL;
+-        char*       tags      = NULL;
+-        short*      contours  = NULL;
++        FT_Outline  outline = { 0, 0, NULL, NULL, NULL, 0 };
+         FT_Vector*  unrounded = NULL;
+ 
+ 
+-        limit = (short)gloader->current.num_subglyphs;
++        limit = (FT_UShort)gloader->current.num_subglyphs;
+ 
+         /* construct an outline structure for              */
+         /* communication with `TT_Vary_Apply_Glyph_Deltas' */
+-        outline.n_points   = (short)( gloader->current.num_subglyphs + 4 );
+-        outline.n_contours = outline.n_points;
+-
+-        outline.points   = NULL;
+-        outline.tags     = NULL;
+-        outline.contours = NULL;
+-
+-        if ( FT_NEW_ARRAY( points, outline.n_points )    ||
+-             FT_NEW_ARRAY( tags, outline.n_points )      ||
+-             FT_NEW_ARRAY( contours, outline.n_points )  ||
+-             FT_NEW_ARRAY( unrounded, outline.n_points ) )
++	if ( FT_QNEW_ARRAY( outline.points, limit + 4 ) ||
++	     FT_QNEW_ARRAY( outline.tags, limit )       ||
++	     FT_QNEW_ARRAY( outline.contours, limit )   ||
++	     FT_QNEW_ARRAY( unrounded, limit + 4 )      )
+           goto Exit1;
+ 
++	outline.n_contours = outline.n_points = limit;
++
+         subglyph = gloader->current.subglyphs;
+ 
+         for ( i = 0; i < limit; i++, subglyph++ )
+@@ -1975,38 +1967,16 @@
+           /* applying deltas for anchor points doesn't make sense, */
+           /* but we don't have to specially check this since       */
+           /* unused delta values are zero anyways                  */
+-          points[i].x = subglyph->arg1;
+-          points[i].y = subglyph->arg2;
+-          tags[i]     = 1;
+-          contours[i] = i;
++          outline.points[i].x = subglyph->arg1;
++          outline.points[i].y = subglyph->arg2;
++          outline.tags[i]     = ON_CURVE_POINT;
++          outline.contours[i] = i;
+         }
+ 
+-        points[i].x = loader->pp1.x;
+-        points[i].y = loader->pp1.y;
+-        tags[i]     = 1;
+-        contours[i] = i;
+-
+-        i++;
+-        points[i].x = loader->pp2.x;
+-        points[i].y = loader->pp2.y;
+-        tags[i]     = 1;
+-        contours[i] = i;
+-
+-        i++;
+-        points[i].x = loader->pp3.x;
+-        points[i].y = loader->pp3.y;
+-        tags[i]     = 1;
+-        contours[i] = i;
+-
+-        i++;
+-        points[i].x = loader->pp4.x;
+-        points[i].y = loader->pp4.y;
+-        tags[i]     = 1;
+-        contours[i] = i;
+-
+-        outline.points   = points;
+-        outline.tags     = tags;
+-        outline.contours = contours;
++	outline.points[i++] = loader->pp1;
++	outline.points[i++] = loader->pp2;
++	outline.points[i++] = loader->pp3;
++	outline.points[i  ] = loader->pp4;
+ 
+         /* this call provides additional offsets */
+         /* for each component's translation      */
+@@ -2024,20 +1994,20 @@
+         {
+           if ( subglyph->flags & ARGS_ARE_XY_VALUES )
+           {
+-            subglyph->arg1 = (FT_Int16)points[i].x;
+-            subglyph->arg2 = (FT_Int16)points[i].y;
++            subglyph->arg1 = (FT_Int16)outline.points[i].x;
++            subglyph->arg2 = (FT_Int16)outline.points[i].y;
+           }
+         }
+ 
+-        loader->pp1.x = points[i + 0].x;
+-        loader->pp1.y = points[i + 0].y;
+-        loader->pp2.x = points[i + 1].x;
+-        loader->pp2.y = points[i + 1].y;
+-
+-        loader->pp3.x = points[i + 2].x;
+-        loader->pp3.y = points[i + 2].y;
+-        loader->pp4.x = points[i + 3].x;
+-        loader->pp4.y = points[i + 3].y;
++        loader->pp1.x = outline.points[i + 0].x;
++        loader->pp1.y = outline.points[i + 0].y;
++        loader->pp2.x = outline.points[i + 1].x;
++        loader->pp2.y = outline.points[i + 1].y;
++
++        loader->pp3.x = outline.points[i + 2].x;
++        loader->pp3.y = outline.points[i + 2].y;
++        loader->pp4.x = outline.points[i + 3].x;
++        loader->pp4.y = outline.points[i + 3].y;
+ 
+         /* recalculate linear horizontal and vertical advances */
+         /* if we don't have HVAR and VVAR, respectively        */
+--- a/include/freetype/internal/ftmemory.h
++++ b/include/freetype/internal/ftmemory.h
+@@ -344,14 +344,13 @@ extern "C++"
+ #define FT_RENEW_ARRAY( ptr, curcnt, newcnt )                           \
+           FT_MEM_SET_ERROR( FT_MEM_RENEW_ARRAY( ptr, curcnt, newcnt ) )
+ 
+-#define FT_QNEW( ptr )                           \
+-          FT_MEM_SET_ERROR( FT_MEM_QNEW( ptr ) )
++#define FT_QNEW( ptr )  FT_MEM_SET_ERROR( FT_MEM_QNEW( ptr ) )
+ 
+-#define FT_QNEW_ARRAY( ptr, count )                          \
+-          FT_MEM_SET_ERROR( FT_MEM_NEW_ARRAY( ptr, count ) )
++#define FT_QNEW_ARRAY( ptr, count )                           \
++          FT_MEM_SET_ERROR( FT_MEM_QNEW_ARRAY( ptr, count ) )
+ 
+-#define FT_QRENEW_ARRAY( ptr, curcnt, newcnt )                          \
+-          FT_MEM_SET_ERROR( FT_MEM_RENEW_ARRAY( ptr, curcnt, newcnt ) )
++#define FT_QRENEW_ARRAY( ptr, curcnt, newcnt )                           \
++          FT_MEM_SET_ERROR( FT_MEM_QRENEW_ARRAY( ptr, curcnt, newcnt ) )
+ 
+ 
+   FT_BASE( FT_Pointer )
+--- a/src/sfnt/ttload.c
++++ b/src/sfnt/ttload.c
+@@ -987,6 +987,9 @@
+           }
+         }
+ 
++        /* mark the string as not yet converted */
++        entry->string = NULL;
++
+         entry++;
+       }
+ 
+
diff --git a/SPECS/freetype.spec b/SPECS/freetype.spec
index 54d9458..a9a96fe 100644
--- a/SPECS/freetype.spec
+++ b/SPECS/freetype.spec
@@ -4,7 +4,7 @@
 Summary: A free and portable font rendering engine
 Name: freetype
 Version: 2.10.4
-Release: 9%{?dist}
+Release: 9%{?dist}.alma.1
 License: (FTL or GPLv2+) and BSD and MIT and Public Domain and zlib with acknowledgement
 URL: http://www.freetype.org
 Source:  http://download.savannah.gnu.org/releases/freetype/freetype-%{version}.tar.xz
@@ -41,6 +41,14 @@ Patch10: freetype-2.10.4-properly-guard-face_index.patch
 # https://bugzilla.redhat.com/show_bug.cgi?id=2077985
 Patch11: freetype-2.10.4-guard-face-size.patch
 
+# CVE-2025-27363
+# https://issues.redhat.com/browse/RHEL-83280
+# https://gitlab.com/redhat/centos-stream/rpms/freetype/-/merge_requests/8
+# backported from
+# https://gitlab.freedesktop.org/freetype/freetype/-/commit/ef636696524b081f1b8819eb0c6a0b932d35757d
+# https://gitlab.freedesktop.org/freetype/freetype/-/commit/73720c7c9958e87b3d134a7574d1720ad2d24442
+Patch12: freetype-2.10.4-cve-2025-27363.patch
+
 BuildRequires:  gcc
 BuildRequires: libX11-devel
 BuildRequires: libpng-devel
@@ -108,6 +116,7 @@ popd
 %patch9 -p1 -b .avoid-invalid-face-index
 %patch10 -p1 -b .properly-guard-face_index
 %patch11 -p1 -b .guard-face-size
+%patch12 -p1 -b .cve-2025-27363
 
 %build
 
@@ -249,6 +258,12 @@ rm -f $RPM_BUILD_ROOT%{_libdir}/*.{a,la}
 %{_mandir}/man1/*
 
 %changelog
+* Wed Mar 12 2025 Jonathan Wright <jonathan@almalinux.org> - 20.10.4-9.alma.1
+- Backport from CentOS Stream 9 PR by Michel Lind <salimma@centosproject.org>
+- TrueType clean up and unsigned fixes for CVE-2025-27363
+- Resolves: RHEL-83280
+
+
 * Tue May 31 2022 Marek Kasik <mkasik@redhat.com> - 2.10.4-9
 - Guard face->size
 - Resolves: #2079280