Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
FreeType Library Can Crash When Parsing Certain Fonts
OESA-2026-1574
Summary
The FreeType library, used by some applications to render fonts, may crash when processing certain font files. This can happen if the font file contains malformed data. To fix this, update to the latest version of the library, FreeType 2.14.2, to prevent crashes.
What to do
- Update freetype to version 2.13.2-5.oe2403.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| – | freetype | <= 2.13.2-5.oe2403 | 2.13.2-5.oe2403 |
Original title
freetype security update
Original description
FreeType is written in C, designed to be small,efficient, highly customizable, and portable while capable of producing high-quality output (glyph images) of most vector and bitmap font formats
Security Fix(es):
An integer overflow in the tt_var_load_item_variation_store function of the Freetype library in versions 2.13.2 and 2.13.3 may allow for an out of bounds read operation when parsing HVAR/VVAR/MVAR tables in OpenType variable fonts. This issue is fixed in version 2.14.2.(CVE-2026-23865)
Security Fix(es):
An integer overflow in the tt_var_load_item_variation_store function of the Freetype library in versions 2.13.2 and 2.13.3 may allow for an out of bounds read operation when parsing HVAR/VVAR/MVAR tables in OpenType variable fonts. This issue is fixed in version 2.14.2.(CVE-2026-23865)
- https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA... Vendor Advisory
- https://nvd.nist.gov/vuln/detail/CVE-2026-23865 Vendor Advisory
Published: 15 Mar 2026 · Updated: 15 Mar 2026 · First seen: 15 Mar 2026