Freetype Library OpenType Font Parsing Issue in Versions 2.13.2 and 2.13.3
DEBIAN-CVE-2026-23865
Summary
The Freetype library in versions 2.13.2 and 2.13.3 may not handle OpenType font data correctly: an integer overflow while parsing variation tables can cause data to be read from outside the intended buffer (an out-of-bounds read). A crafted font could therefore expose memory contents to an attacker, i.e. sensitive information disclosure. Upgrade to version 2.14.2 to fix this issue.
What to do
- Update the Debian freetype package to version 2.14.2+dfsg-1.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| debian | freetype | All versions | – |
| debian | freetype | <= 2.14.2+dfsg-1 | 2.14.2+dfsg-1 |
Original title
An integer overflow in the tt_var_load_item_variation_store function of the Freetype library in versions 2.13.2 and 2.13.3 may allow for an out of bounds read operation when parsing HVAR/VVAR/MVAR ...
Original description
An integer overflow in the tt_var_load_item_variation_store function of the Freetype library in versions 2.13.2 and 2.13.3 may allow for an out of bounds read operation when parsing HVAR/VVAR/MVAR tables in OpenType variable fonts. This issue is fixed in version 2.14.2.
osv CVSS3.1: 5.3
- https://security-tracker.debian.org/tracker/CVE-2026-23865 (Vendor Advisory)
Published: 2 Mar 2026 · Updated: 14 Mar 2026 · First seen: 14 Mar 2026