2443891 – (CVE-2026-23865) CVE-2026-23865 Freetype: Freetype: Information disclosure or denial of service via specially crafted font files

Bug 2443891 (CVE-2026-23865) - CVE-2026-23865 Freetype: Freetype: Information disclosure or denial of service via specially crafted font files

Summary: CVE-2026-23865 Freetype: Freetype: Information disclosure or denial of servic...

Keywords:
Status:	NEW
Alias:	CVE-2026-23865
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2026-03-02 17:03 UTC by OSIDB Bzimport
Modified:	2026-03-05 06:12 UTC (History)
CC List:	20 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2026-03-02 17:03:16 UTC

An integer overflow in the tt_var_load_item_variation_store function of the Freetype library in versions 2.13.2 and 2.13.3 may allow for an out of bounds read operation when parsing HVAR/VVAR/MVAR tables in OpenType variable fonts. This issue is fixed in version 2.14.2.

Note You need to log in before you can comment on or make changes to this bug.

adudiak
ahughes
caswilli
fferrari
fitzsim
gotiwari
jcantril
jgrulich
jhorak
kaycoth
khosford
kshier
mvyas
neugens
pjindal
rojacob
stcannon
teagle
tpopela
yguenane