
FreeType Library: OpenType Font Parsing Error

CVE-2026-23865
Summary

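Versions 2.13.2 and 2.13.3 of the FreeType library may read out of bounds when parsing the HVAR/VVAR/MVAR tables of OpenType variable fonts, because of an integer overflow in the tt_var_load_item_variation_store function. This can lead to unexpected behavior or crashes. Update to version 2.14.2 to fix the issue.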

Original title
An integer overflow in the tt_var_load_item_variation_store function of the Freetype library in versions 2.13.2 and 2.13.3 may allow for an out of bounds read operation when parsing HVAR/VVAR/MVAR ...
Original description
An integer overflow in the tt_var_load_item_variation_store function of the Freetype library in versions 2.13.2 and 2.13.3 may allow for an out of bounds read operation when parsing HVAR/VVAR/MVAR tables in OpenType variable fonts. This issue is fixed in version 2.14.2.
NVD CVSS 3.1: 5.3
Vulnerability type
CWE-125 Out-of-bounds Read
Published: 2 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026