CVE-2026-23865 — Out-of-bounds Read in Freetype

CWE-125 — Out-of-bounds Read11 documents9 sources

Severity

5.3MEDIUMNVD

EPSS

0.0%

top 97.03%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Freetype Debian Freetype Msrc Azl3 Freetype 2.13.2-1 ON Azure Linux 3.0 +3 more

Timeline

PublishedMar 2

Latest updateMar 12

Description

An integer overflow in the tt_var_load_item_variation_store function of the Freetype library in versions 2.13.2 and 2.13.3 may allow for an out of bounds read operation when parsing HVAR/VVAR/MVAR tables in OpenType variable fonts. This issue is fixed in version 2.14.2.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:LExploitability: 1.8 | Impact: 3.4

Affected Packages7 packages

▶debiandebian/freetype< freetype 2.14.2+dfsg-1 (forky)

▶Debianfreetype/freetype< 2.13.3+dfsg-1+deb13u1+1

▶CVEListV5freetype/freetype2.13.2 — 2.13.3+1

▶msrcmsrc/azl3_freetype_2.13.2-1_on_azure_linux_3.0

▶msrcmsrc/cbl2_freetype_2.13.1-1_on_cbl_mariner_2.0

🔴Vulnerability Details

OSV

CVE-2026-23865: An integer overflow in the tt_var_load_item_variation_store function of the Freetype library in versions 2↗2026-03-02

▶

GHSA

GHSA-878v-mxg6-vj8f: An integer overflow in the tt_var_load_item_variation_store function of the Freetype library in versions 2↗2026-03-02

▶

📋Vendor Advisories

Ubuntu

FreeType vulnerability↗2026-03-12

▶

Microsoft

▶

Red Hat

Freetype: Freetype: Information disclosure or denial of service via specially crafted font files↗2026-03-02

▶

Debian

CVE-2026-23865: freetype - An integer overflow in the tt_var_load_item_variation_store function of the Free...↗2026

▶

🕵️Threat Intelligence

Bleepingcomputer

Microsoft March 2026 Patch Tuesday fixes 2 zero-days, 79 flaws↗2026-03-10

▶

Wiz

CVE-2026-23865 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶

Wiz

CVE-2026-3713 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶

Wiz

ELSA-2026-0932 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶