Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2026-23865

Опубликовано: 02 мар. 2026
Источник: debian

Описание

An integer overflow in the tt_var_load_item_variation_store function of the Freetype library in versions 2.13.2 and 2.13.3 may allow for an out of bounds read operation when parsing HVAR/VVAR/MVAR tables in OpenType variable fonts. This issue is fixed in version 2.14.2.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
freetypefixed2.14.2+dfsg-1package
freetypenot-affectedbookwormpackage
freetypenot-affectedbullseyepackage

Примечания

  • Introduced by: https://gitlab.com/freetype/freetype/-/commit/115e927540dba128980dd734dadeb06aa7b0f4d8 (VER-2-13-1)

  • Fixed by: https://gitlab.com/freetype/freetype/-/commit/fc85a255849229c024c8e65f536fe1875d84841c (VER-2-14-2)

Связанные уязвимости

ubuntu логотип

CVE-2026-23865

CVSS3: 5.3
ubuntu
25 дней назад

An integer overflow in the tt_var_load_item_variation_store function of the Freetype library in versions 2.13.2 and 2.13.3 may allow for an out of bounds read operation when parsing HVAR/VVAR/MVAR tables in OpenType variable fonts. This issue is fixed in version 2.14.2.

redhat логотип

CVE-2026-23865

CVSS3: 5.3
redhat
25 дней назад

An integer overflow in the tt_var_load_item_variation_store function of the Freetype library in versions 2.13.2 and 2.13.3 may allow for an out of bounds read operation when parsing HVAR/VVAR/MVAR tables in OpenType variable fonts. This issue is fixed in version 2.14.2.

nvd логотип

CVE-2026-23865

CVSS3: 5.3
nvd
25 дней назад

An integer overflow in the tt_var_load_item_variation_store function of the Freetype library in versions 2.13.2 and 2.13.3 may allow for an out of bounds read operation when parsing HVAR/VVAR/MVAR tables in OpenType variable fonts. This issue is fixed in version 2.14.2.

msrc логотип

CVE-2026-23865

CVSS3: 5.3
msrc
23 дня назад

An integer overflow in the tt_var_load_item_variation_store function of the Freetype library in versions 2.13.2 and 2.13.3 may allow for an out of bounds read operation when parsing HVAR/VVAR/MVAR tables in OpenType variable fonts. This issue is fixed in version 2.14.2.

github логотип

GHSA-878v-mxg6-vj8f

CVSS3: 5.3
github
25 дней назад

An integer overflow in the tt_var_load_item_variation_store function of the Freetype library in versions 2.13.2 and 2.13.3 may allow for an out of bounds read operation when parsing HVAR/VVAR/MVAR tables in OpenType variable fonts. This issue is fixed in version 2.14.2.