CVE-2026-23865 | THREATINT

Description

An integer overflow in the tt_var_load_item_variation_store function of the Freetype library in versions 2.13.2 and 2.13.3 may allow for an out of bounds read operation when parsing HVAR/VVAR/MVAR tables in OpenType variable fonts. This issue is fixed in version 2.14.2.

PUBLISHED Reserved 2026-01-16 | Published 2026-03-02 | Updated 2026-03-02 | Assigner Meta

MEDIUM: 5.3CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C

Problem types

CWE-125: Out of Bounds Read

Product status

Default status

affected

2.13.2 (semver)

affected

2.14.0 (semver)

affected

References

www.facebook.com/security/advisories/cve-2026-23865

gitlab.com/...ommit/fc85a255849229c024c8e65f536fe1875d84841c

sourceforge.net/projects/freetype/files/freetype2/2.14.2/

cve.org (CVE-2026-23865)

nvd.nist.gov (CVE-2026-23865)

Download JSON