Medium severity 5.3 · NVD Advisory · Published Mar 2, 2026 · Updated May 1, 2026
CVE-2026-23865
Description
An integer overflow in the tt_var_load_item_variation_store function of the FreeType library in versions 2.13.2 and 2.13.3 may allow an out-of-bounds read when parsing HVAR/VVAR/MVAR tables in OpenType variable fonts. This issue is fixed in version 2.14.2.
Affected products
114 entries in total. osv-coords (112 versions):
- pkg:apk/chainguard/openjdk-21 (no CPE), range: < 21.0.11-r0
- pkg:apk/chainguard/openjdk-26 (no CPE), range: < 26.0.1-r0
- pkg:apk/wolfi/openjdk-21 (no CPE), range: < 21.0.11-r0
- pkg:apk/wolfi/openjdk-26 (no CPE), range: < 26.0.1-r0
- pkg:bitnami/java (no CPE), range: >= 9.0.0, < 11.0.31
- pkg:bitnami/java-min (no CPE), range: >= 9.0.0, < 11.0.31
- pkg:bitnami/jre (no CPE), range: >= 9.0.0, < 11.0.31
- pkg:rpm/almalinux/java-17-openjdk (no CPE), range: < 1:17.0.19.0.10-1.el8
- pkg:rpm/almalinux/java-17-openjdk-demo (no CPE), range: < 1:17.0.19.0.10-1.el8
- pkg:rpm/almalinux/java-17-openjdk-demo-fastdebug (no CPE), range: < 1:17.0.19.0.10-1.el8
- pkg:rpm/almalinux/java-17-openjdk-demo-slowdebug (no CPE), range: < 1:17.0.19.0.10-1.el8
- pkg:rpm/almalinux/java-17-openjdk-devel (no CPE), range: < 1:17.0.19.0.10-1.el8
- pkg:rpm/almalinux/java-17-openjdk-devel-fastdebug (no CPE), range: < 1:17.0.19.0.10-1.el8
- pkg:rpm/almalinux/java-17-openjdk-devel-slowdebug (no CPE), range: < 1:17.0.19.0.10-1.el8
- pkg:rpm/almalinux/java-17-openjdk-fastdebug (no CPE), range: < 1:17.0.19.0.10-1.el8
- pkg:rpm/almalinux/java-17-openjdk-headless (no CPE), range: < 1:17.0.19.0.10-1.el8
- pkg:rpm/almalinux/java-17-openjdk-headless-fastdebug (no CPE), range: < 1:17.0.19.0.10-1.el8
- pkg:rpm/almalinux/java-17-openjdk-headless-slowdebug (no CPE), range: < 1:17.0.19.0.10-1.el8
- pkg:rpm/almalinux/java-17-openjdk-javadoc (no CPE), range: < 1:17.0.19.0.10-1.el8
- pkg:rpm/almalinux/java-17-openjdk-javadoc-zip (no CPE), range: < 1:17.0.19.0.10-1.el8
- pkg:rpm/almalinux/java-17-openjdk-jmods (no CPE), range: < 1:17.0.19.0.10-1.el8
- pkg:rpm/almalinux/java-17-openjdk-jmods-fastdebug (no CPE), range: < 1:17.0.19.0.10-1.el8
- pkg:rpm/almalinux/java-17-openjdk-jmods-slowdebug (no CPE), range: < 1:17.0.19.0.10-1.el8
- pkg:rpm/almalinux/java-17-openjdk-slowdebug (no CPE), range: < 1:17.0.19.0.10-1.el8
- pkg:rpm/almalinux/java-17-openjdk-src (no CPE), range: < 1:17.0.19.0.10-1.el8
- pkg:rpm/almalinux/java-17-openjdk-src-fastdebug (no CPE), range: < 1:17.0.19.0.10-1.el8
- pkg:rpm/almalinux/java-17-openjdk-src-slowdebug (no CPE), range: < 1:17.0.19.0.10-1.el8
- pkg:rpm/almalinux/java-17-openjdk-static-libs (no CPE), range: < 1:17.0.19.0.10-1.el8
- pkg:rpm/almalinux/java-17-openjdk-static-libs-fastdebug (no CPE), range: < 1:17.0.19.0.10-1.el8
- pkg:rpm/almalinux/java-17-openjdk-static-libs-slowdebug (no CPE), range: < 1:17.0.19.0.10-1.el8
- pkg:rpm/almalinux/java-1.8.0-openjdk (no CPE), range: < 1:1.8.0.492.b09-1.el8
- pkg:rpm/almalinux/java-1.8.0-openjdk-accessibility (no CPE), range: < 1:1.8.0.492.b09-1.el8
- pkg:rpm/almalinux/java-1.8.0-openjdk-accessibility-fastdebug (no CPE), range: < 1:1.8.0.492.b09-1.el8
- pkg:rpm/almalinux/java-1.8.0-openjdk-accessibility-slowdebug (no CPE), range: < 1:1.8.0.492.b09-1.el8
- pkg:rpm/almalinux/java-1.8.0-openjdk-demo (no CPE), range: < 1:1.8.0.492.b09-1.el8
- pkg:rpm/almalinux/java-1.8.0-openjdk-demo-fastdebug (no CPE), range: < 1:1.8.0.492.b09-1.el8
- pkg:rpm/almalinux/java-1.8.0-openjdk-demo-slowdebug (no CPE), range: < 1:1.8.0.492.b09-1.el8
- pkg:rpm/almalinux/java-1.8.0-openjdk-devel (no CPE), range: < 1:1.8.0.492.b09-1.el8
- pkg:rpm/almalinux/java-1.8.0-openjdk-devel-fastdebug (no CPE), range: < 1:1.8.0.492.b09-1.el8
- pkg:rpm/almalinux/java-1.8.0-openjdk-devel-slowdebug (no CPE), range: < 1:1.8.0.492.b09-1.el8
- pkg:rpm/almalinux/java-1.8.0-openjdk-fastdebug (no CPE), range: < 1:1.8.0.492.b09-1.el8
- pkg:rpm/almalinux/java-1.8.0-openjdk-headless (no CPE), range: < 1:1.8.0.492.b09-1.el8
- pkg:rpm/almalinux/java-1.8.0-openjdk-headless-fastdebug (no CPE), range: < 1:1.8.0.492.b09-1.el8
- pkg:rpm/almalinux/java-1.8.0-openjdk-headless-slowdebug (no CPE), range: < 1:1.8.0.492.b09-1.el8
- pkg:rpm/almalinux/java-1.8.0-openjdk-javadoc (no CPE), range: < 1:1.8.0.492.b09-1.el8
- pkg:rpm/almalinux/java-1.8.0-openjdk-javadoc-zip (no CPE), range: < 1:1.8.0.492.b09-1.el8
- pkg:rpm/almalinux/java-1.8.0-openjdk-slowdebug (no CPE), range: < 1:1.8.0.492.b09-1.el8
- pkg:rpm/almalinux/java-1.8.0-openjdk-src (no CPE), range: < 1:1.8.0.492.b09-1.el8
- pkg:rpm/almalinux/java-1.8.0-openjdk-src-fastdebug (no CPE), range: < 1:1.8.0.492.b09-1.el8
- pkg:rpm/almalinux/java-1.8.0-openjdk-src-slowdebug (no CPE), range: < 1:1.8.0.492.b09-1.el8
- pkg:rpm/almalinux/java-21-openjdk (no CPE), range: < 1:21.0.11.0.10-2.el10_2.alma.1
- pkg:rpm/almalinux/java-21-openjdk-demo (no CPE), range: < 1:21.0.11.0.10-2.el10_2.alma.1
- pkg:rpm/almalinux/java-21-openjdk-demo-fastdebug (no CPE), range: < 1:21.0.11.0.10-2.el10_2.alma.1
- pkg:rpm/almalinux/java-21-openjdk-demo-slowdebug (no CPE), range: < 1:21.0.11.0.10-2.el10_2.alma.1
- pkg:rpm/almalinux/java-21-openjdk-devel (no CPE), range: < 1:21.0.11.0.10-2.el10_2.alma.1
- pkg:rpm/almalinux/java-21-openjdk-devel-fastdebug (no CPE), range: < 1:21.0.11.0.10-2.el10_2.alma.1
- pkg:rpm/almalinux/java-21-openjdk-devel-slowdebug (no CPE), range: < 1:21.0.11.0.10-2.el10_2.alma.1
- pkg:rpm/almalinux/java-21-openjdk-fastdebug (no CPE), range: < 1:21.0.11.0.10-2.el10_2.alma.1
- pkg:rpm/almalinux/java-21-openjdk-headless (no CPE), range: < 1:21.0.11.0.10-2.el10_2.alma.1
- pkg:rpm/almalinux/java-21-openjdk-headless-fastdebug (no CPE), range: < 1:21.0.11.0.10-2.el10_2.alma.1
- pkg:rpm/almalinux/java-21-openjdk-headless-slowdebug (no CPE), range: < 1:21.0.11.0.10-2.el10_2.alma.1
- pkg:rpm/almalinux/java-21-openjdk-javadoc (no CPE), range: < 1:21.0.11.0.10-2.el10_2.alma.1
- pkg:rpm/almalinux/java-21-openjdk-javadoc-zip (no CPE), range: < 1:21.0.11.0.10-2.el10_2.alma.1
- pkg:rpm/almalinux/java-21-openjdk-jmods (no CPE), range: < 1:21.0.11.0.10-2.el10_2.alma.1
- pkg:rpm/almalinux/java-21-openjdk-jmods-fastdebug (no CPE), range: < 1:21.0.11.0.10-2.el10_2.alma.1
- pkg:rpm/almalinux/java-21-openjdk-jmods-slowdebug (no CPE), range: < 1:21.0.11.0.10-2.el10_2.alma.1
- pkg:rpm/almalinux/java-21-openjdk-slowdebug (no CPE), range: < 1:21.0.11.0.10-2.el10_2.alma.1
- pkg:rpm/almalinux/java-21-openjdk-src (no CPE), range: < 1:21.0.11.0.10-2.el10_2.alma.1
- pkg:rpm/almalinux/java-21-openjdk-src-fastdebug (no CPE), range: < 1:21.0.11.0.10-2.el10_2.alma.1
- pkg:rpm/almalinux/java-21-openjdk-src-slowdebug (no CPE), range: < 1:21.0.11.0.10-2.el10_2.alma.1
- pkg:rpm/almalinux/java-21-openjdk-static-libs (no CPE), range: < 1:21.0.11.0.10-2.el10_2.alma.1
- pkg:rpm/almalinux/java-21-openjdk-static-libs-fastdebug (no CPE), range: < 1:21.0.11.0.10-2.el10_2.alma.1
- pkg:rpm/almalinux/java-21-openjdk-static-libs-slowdebug (no CPE), range: < 1:21.0.11.0.10-2.el10_2.alma.1
- pkg:rpm/almalinux/java-25-openjdk (no CPE), range: < 1:25.0.3.0.9-1.el10_2
- pkg:rpm/almalinux/java-25-openjdk-crypto-adapter (no CPE), range: < 1:25.0.3.0.9-1.el10_2
- pkg:rpm/almalinux/java-25-openjdk-crypto-adapter-fastdebug (no CPE), range: < 1:25.0.3.0.9-1.el10_2
- pkg:rpm/almalinux/java-25-openjdk-crypto-adapter-slowdebug (no CPE), range: < 1:25.0.3.0.9-1.el10_2
- pkg:rpm/almalinux/java-25-openjdk-demo (no CPE), range: < 1:25.0.3.0.9-1.el10_2
- pkg:rpm/almalinux/java-25-openjdk-demo-fastdebug (no CPE), range: < 1:25.0.3.0.9-1.el10_2
- pkg:rpm/almalinux/java-25-openjdk-demo-slowdebug (no CPE), range: < 1:25.0.3.0.9-1.el10_2
- pkg:rpm/almalinux/java-25-openjdk-devel (no CPE), range: < 1:25.0.3.0.9-1.el10_2
- pkg:rpm/almalinux/java-25-openjdk-devel-fastdebug (no CPE), range: < 1:25.0.3.0.9-1.el10_2
- pkg:rpm/almalinux/java-25-openjdk-devel-slowdebug (no CPE), range: < 1:25.0.3.0.9-1.el10_2
- pkg:rpm/almalinux/java-25-openjdk-fastdebug (no CPE), range: < 1:25.0.3.0.9-1.el10_2
- pkg:rpm/almalinux/java-25-openjdk-headless (no CPE), range: < 1:25.0.3.0.9-1.el10_2
- pkg:rpm/almalinux/java-25-openjdk-headless-fastdebug (no CPE), range: < 1:25.0.3.0.9-1.el10_2
- pkg:rpm/almalinux/java-25-openjdk-headless-slowdebug (no CPE), range: < 1:25.0.3.0.9-1.el10_2
- pkg:rpm/almalinux/java-25-openjdk-javadoc (no CPE), range: < 1:25.0.3.0.9-1.el10_2
- pkg:rpm/almalinux/java-25-openjdk-javadoc-zip (no CPE), range: < 1:25.0.3.0.9-1.el10_2
- pkg:rpm/almalinux/java-25-openjdk-jmods (no CPE), range: < 1:25.0.3.0.9-1.el10_2
- pkg:rpm/almalinux/java-25-openjdk-jmods-fastdebug (no CPE), range: < 1:25.0.3.0.9-1.el10_2
- pkg:rpm/almalinux/java-25-openjdk-jmods-slowdebug (no CPE), range: < 1:25.0.3.0.9-1.el10_2
- pkg:rpm/almalinux/java-25-openjdk-slowdebug (no CPE), range: < 1:25.0.3.0.9-1.el10_2
- pkg:rpm/almalinux/java-25-openjdk-src (no CPE), range: < 1:25.0.3.0.9-1.el10_2
- pkg:rpm/almalinux/java-25-openjdk-src-fastdebug (no CPE), range: < 1:25.0.3.0.9-1.el10_2
- pkg:rpm/almalinux/java-25-openjdk-src-slowdebug (no CPE), range: < 1:25.0.3.0.9-1.el10_2
- pkg:rpm/almalinux/java-25-openjdk-static-libs (no CPE), range: < 1:25.0.3.0.9-1.el10_2
- pkg:rpm/almalinux/java-25-openjdk-static-libs-fastdebug (no CPE), range: < 1:25.0.3.0.9-1.el10_2
- pkg:rpm/almalinux/java-25-openjdk-static-libs-slowdebug (no CPE), range: < 1:25.0.3.0.9-1.el10_2
- pkg:rpm/opensuse/freetype2&distro=openSUSE%20Tumbleweed (no CPE), range: < 2.14.2-1.1
- pkg:rpm/opensuse/java-11-openjdk&distro=openSUSE%20Tumbleweed (no CPE), range: < 11.0.31.0-1.1
- pkg:rpm/opensuse/java-17-openj9&distro=openSUSE%20Leap%2016.0 (no CPE), range: < 17.0.19.0-bp160.1.1
- pkg:rpm/opensuse/java-17-openjdk&distro=openSUSE%20Tumbleweed (no CPE), range: < 17.0.19.0-1.1
- pkg:rpm/opensuse/java-1_8_0-openjdk&distro=openSUSE%20Tumbleweed (no CPE), range: < 1.8.0.492-1.1
- pkg:rpm/opensuse/java-21-openj9&distro=openSUSE%20Leap%2016.0 (no CPE), range: < 21.0.11.0-bp160.1.1
- pkg:rpm/opensuse/java-21-openjdk&distro=openSUSE%20Tumbleweed (no CPE), range: < 21.0.11.0-1.1
- pkg:rpm/opensuse/java-25-openj9&distro=openSUSE%20Tumbleweed (no CPE), range: < 25.0.3.0-1.1
- pkg:rpm/opensuse/java-25-openjdk&distro=openSUSE%20Tumbleweed (no CPE), range: < 25.0.3.0-1.1
- pkg:rpm/opensuse/java-26-openjdk&distro=openSUSE%20Tumbleweed (no CPE), range: < 26.0.1.0-1.1
- pkg:rpm/suse/busybox&distro=SUSE%20Linux%20Micro%206.0 (no CPE), range: < 1.36.1-3.1
- pkg:rpm/suse/freetype2&distro=SUSE%20Linux%20Micro%206.0 (no CPE), range: < 2.14.2-1.1
- pkg:rpm/suse/freetype2&distro=SUSE%20Linux%20Micro%206.1 (no CPE), range: < 2.14.2-slfo.1.1_1.1
References
- gitlab.com/freetype/freetype/-/commit/fc85a255849229c024c8e65f536fe1875d84841c (nvd: Patch)
- www.facebook.com/security/advisories/cve-2026-23865 (nvd: Third Party Advisory)
- www.openwall.com/lists/oss-security/2026/03/03/8 (nvd: Mailing List)
- sourceforge.net/projects/freetype/files/freetype2/2.14.2/ (nvd: Release Notes)