Security Advisory

CVE-2026-23865

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-03-02 16:09:42

Last updated 2026-03-04 00:16:54

Assigner Meta

State PUBLISHED

Description

An integer overflow in the tt_var_load_item_variation_store function of the Freetype library in versions 2.13.2 and 2.13.3 may allow for an out of bounds read operation when parsing HVAR/VVAR/MVAR tables in OpenType variable fonts. This issue is fixed in version 2.14.2.

← Browse all CVEs View on cve.org ↗