Out-of-bounds read in Freetype variable font parser

OESA-2026-1575
Summary

The Freetype library in versions 2.13.2 and 2.13.3 contains an integer overflow that can lead to an out-of-bounds read, which could allow an attacker to access sensitive memory. This affects systems that use variable fonts and could potentially allow unauthorized access to data. Update to version 2.14.2 to fix this issue.

What to do
  • Update freetype to version 2.13.2-5.oe2403sp1.
Affected software
Vendor    Product    Affected versions         Fix available
–         freetype   <= 2.13.2-5.oe2403sp1     2.13.2-5.oe2403sp1
Original title
freetype security update
Original description
FreeType is written in C, designed to be small, efficient, highly customizable, and portable while capable of producing high-quality output (glyph images) of most vector and bitmap font formats.

Security Fix(es):

An integer overflow in the tt_var_load_item_variation_store function of the Freetype library in versions 2.13.2 and 2.13.3 may allow for an out-of-bounds read operation when parsing HVAR/VVAR/MVAR tables in OpenType variable fonts. This issue is fixed in version 2.14.2. (CVE-2026-23865)
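The bug class named above, an integer overflow in a table parser that turns into an out-of-bounds read, follows a recognisable pattern: a record count and record size read from untrusted font data are multiplied in fixed-width arithmetic, the product wraps to a small value, the length check passes, and the parser then walks past the end of the table. The following is an added illustration written for this advisory; it is not FreeType's code, the table layout (a 32-bit count and 32-bit record size followed by records) is constructed for the example, and the advisory does not state where in tt_var_load_item_variation_store the actual overflow occurs. It shows the unsafe length check beside an overflow-safe one that divides instead of multiplying.

```c
/* Added illustration, not FreeType code: a wrapped 32-bit length
 * calculation slipping past a bounds check, and the safe form of the
 * same check. Table layout is constructed for this example. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Big-endian 32-bit read/write helpers (OpenType tables are big-endian). */
static uint32_t rd32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

static void wr32(uint8_t *p, uint32_t v)
{
    p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16);
    p[2] = (uint8_t)(v >> 8);  p[3] = (uint8_t)v;
}

/* Unsafe: count * size is computed in 32 bits. A count above 2^32 / size
 * wraps the product to a small number, so the check accepts a table that
 * is far too short, and a parser that then iterates `count` records reads
 * out of bounds. Returns 1 if the table is accepted. */
int length_check_unsafe(const uint8_t *table, size_t table_len)
{
    if (table_len < 8) return 0;
    uint32_t count  = rd32(table);
    uint32_t size   = rd32(table + 4);
    uint32_t needed = count * size;           /* wraps modulo 2^32 */
    return needed <= table_len - 8;
}

/* Safe: never form the product. count * size <= remaining holds exactly
 * when count <= remaining / size, and the division cannot overflow.
 * A zero record size is treated as malformed. Returns 1 if accepted. */
int length_check_safe(const uint8_t *table, size_t table_len)
{
    if (table_len < 8) return 0;
    uint32_t count     = rd32(table);
    uint32_t size      = rd32(table + 4);
    size_t   remaining = table_len - 8;
    if (size == 0) return 0;
    if ((size_t)count > remaining / size) return 0;
    return 1;
}

/* Builds a constructed 16-byte table: 8-byte header plus 8 bytes of body. */
void build_table(uint8_t buf[16], uint32_t count, uint32_t size)
{
    memset(buf, 0, 16);
    wr32(buf, count);
    wr32(buf + 4, size);
}

/* Convenience wrappers so each check can be exercised on a given header. */
int unsafe_accepts(uint32_t count, uint32_t size)
{
    uint8_t t[16];
    build_table(t, count, size);
    return length_check_unsafe(t, sizeof t);
}

int safe_accepts(uint32_t count, uint32_t size)
{
    uint8_t t[16];
    build_table(t, count, size);
    return length_check_safe(t, sizeof t);
}

int main(void)
{
    /* 2 records of 4 bytes fit in the 8-byte body: both checks accept. */
    printf("sane header:     unsafe=%d safe=%d\n",
           unsafe_accepts(2, 4), safe_accepts(2, 4));
    /* 0x40000002 * 4 = 0x100000008, which wraps to 8 in 32 bits: the
     * unsafe check accepts, the safe check rejects. */
    printf("wrapping header: unsafe=%d safe=%d\n",
           unsafe_accepts(0x40000002u, 4), safe_accepts(0x40000002u, 4));
    return 0;
}
```

The safe variant deliberately avoids computing the product at all; where a compiler-specific helper such as __builtin_mul_overflow is available it is an equally valid choice, but the division form is portable C and is the one most easily audited in a code review of any count-times-size length check.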
Published: 15 Mar 2026 · Updated: 15 Mar 2026 · First seen: 15 Mar 2026