CVE-2026-23865
Severity: MEDIUM 5.3 | EPSS: 0.02%
freetype - security update
Published: 3/2/2026 | Modified: 5/8/2026
Description
An integer overflow in the tt_var_load_item_variation_store function of the Freetype library in versions 2.13.2 and 2.13.3 may allow for an out of bounds read operation when parsing HVAR/VVAR/MVAR tables in OpenType variable fonts. This issue is fixed in version 2.14.2.
Affected packages (5)
- Bitnami/java: >= 9.0.0, < 11.0.31; >= 12.0.0, < 17.0.19; >= 18.0.0, < 21.0.11; >= 22.0.0, < 25.0.3; >= 26.0.0, < 26.0.1
- Bitnami/java-min: >= 9.0.0, < 11.0.31; >= 12.0.0, < 17.0.19; >= 18.0.0, < 21.0.11; >= 22.0.0, < 25.0.3; >= 26.0.0, < 26.0.1
- Bitnami/jre: >= 9.0.0, < 11.0.31; >= 12.0.0, < 17.0.19; >= 18.0.0, < 21.0.11; >= 22.0.0, < 25.0.3; >= 26.0.0, < 26.0.1
- Debian/freetype: from 0, < 2.13.3+dfsg-1+deb13u1
- Debian/freetype: from 0, < 2.13.3+dfsg-1+deb13u1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 5.3 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L |
References (6)
- ADVISORY: https://security-tracker.debian.org/tracker/CVE-2026-23865
- WEB: https://gitlab.com/freetype/freetype/-/commit/fc85a255849229c024c8e65f536fe1875d84841c
- WEB: https://nvd.nist.gov/vuln/detail/CVE-2026-23865
- WEB: https://sourceforge.net/projects/freetype/files/freetype2/2.14.2/
- WEB: https://www.facebook.com/security/advisories/cve-2026-23865
- WEB: http://www.openwall.com/lists/oss-security/2026/03/03/8