rootio-freetype: Unauthorized data access via crafted font file

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

rootio-freetype: Unauthorized data access via crafted font file

ROOT-OS-DEBIAN-12-CVE-2026-23865

Summary

A security patch has been released for the rootio-freetype package on Root:Debian:12. If left unpatched, a malicious font file could potentially allow unauthorized access to sensitive data. Update to a fixed version to ensure security.

What to do

Update rootio-freetype to version 2.12.1+dfsg-5+deb12u4.root.io.1.

Affected software

Vendor	Product	Affected versions	Fix available
–	rootio-freetype	<= 2.12.1+dfsg-5+deb12u4.root.io.1	2.12.1+dfsg-5+deb12u4.root.io.1

Original title

CVE-2026-23865 in rootio-freetype - Patched by Root

Original description

Root has patched CVE-2026-23865 in the rootio-freetype package for Root:Debian:12. Multiple fixed versions available.

Published: 6 Mar 2026 · Updated: 6 Mar 2026 · First seen: 6 Mar 2026