CVE-2026-23865 | FreeType up to 2.13.3/2.14.1 HVAR/VVAR/MVAR tt_var_load_item_variation_store out-of-bounds

Inserito da Angelo Barbosa | Mar 2, 2026 | CVE

A vulnerability, which was classified as problematic, has been found in FreeType up to 2.13.3/2.14.1. Impacted is the function tt_var_load_item_variation_store of the component HVAR/VVAR/MVAR. The manipulation leads to out-of-bounds read.

This vulnerability is traded as CVE-2026-23865. It is possible to initiate the attack remotely. There is no exploit available.

It is advisable to upgrade the affected component.

CVE-2026-23865 | FreeType up to 2.13.3/2.14.1 HVAR/VVAR/MVAR tt_var_load_item_variation_store out-of-bounds

Post correlati

CVE-2025-36931 | Google Android gxp_buffer.h gxp_buffer out-of-bounds write

CVE-2024-35475 | OpenKM up to 6.3.11 /admin/DatabaseQuery cross-site request forgery

CVE-2024-8209 | nafisulbari/itsourcecode Insurance Management System 1.0 addClient.php CLIENT ID cross site scripting

CVE-2024-38746 | MakeStories Plugin up to 3.0.3 on WordPress path traversal