Freetype Library: OpenType Font Parsing Error
UBUNTU-CVE-2026-23865
Summary
Parsing OpenType variable fonts with FreeType versions 2.13.2 and 2.13.3 may cause a software crash or incorrect rendering. This issue has been fixed in version 2.14.2. Upgrade to the latest version to prevent potential issues.
What to do
No fix is available yet for the packages listed below. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| canonical | freetype | All versions | – |
Original title
An integer overflow in the tt_var_load_item_variation_store function of the Freetype library in versions 2.13.2 and 2.13.3 may allow for an out of bounds read operation when parsing HVAR/VVAR/MVAR ...
Original description
An integer overflow in the tt_var_load_item_variation_store function of the Freetype library in versions 2.13.2 and 2.13.3 may allow for an out of bounds read operation when parsing HVAR/VVAR/MVAR tables in OpenType variable fonts. This issue is fixed in version 2.14.2.
CVSS 3.1 (OSV): 5.3
- https://ubuntu.com/security/CVE-2026-23865 Third Party Advisory
- https://www.cve.org/CVERecord?id=CVE-2026-23865 Third Party Advisory
- https://sourceforge.net/projects/freetype/files/freetype2/2.14.2/ Third Party Advisory
- https://www.facebook.com/security/advisories/cve-2026-23865 Third Party Advisory
Published: 2 Mar 2026 · Updated: 13 Mar 2026 · First seen: 9 Mar 2026