CVE-2026-23865 | FreeType up to 2.13.3/2.14.1 HVAR/VVAR/MVAR tt_var_load_item_variation_store out-of-bounds

Inserito da Angelo Barbosa | Mar 2, 2026 | CVE

A vulnerability, which was classified as problematic, has been found in FreeType up to 2.13.3/2.14.1. Impacted is the function tt_var_load_item_variation_store of the component HVAR/VVAR/MVAR. The manipulation leads to out-of-bounds read.

This vulnerability is traded as CVE-2026-23865. It is possible to initiate the attack remotely. There is no exploit available.

It is advisable to upgrade the affected component.

CVE-2026-23865 | FreeType up to 2.13.3/2.14.1 HVAR/VVAR/MVAR tt_var_load_item_variation_store out-of-bounds

Post correlati

CVE-2025-1133 | ChurchCRM up to 5.13.0 EditEventAttendees EID sql injection

CVE-2025-0592 | SICK Lector8xx/InspectorP8xx Firmware File message integrity

CVE-2023-52386 | Huawei HarmonyOS/EMUI RSMC Module out-of-bounds write

CVE-2025-10123 | D-Link DIR-823X up to 250416 set_static_leases sub_415028 Hostname command injection