{"id":"BIT-java-min-2026-23865","details":"An integer overflow in the tt_var_load_item_variation_store function of the FreeType library, versions 2.13.2 and 2.13.3, may allow an out-of-bounds read when parsing HVAR/VVAR/MVAR tables in OpenType variable fonts. This issue is fixed in FreeType version 2.14.2.","aliases":["BIT-java-2026-23865","BIT-jre-2026-23865","CVE-2026-23865"],"modified":"2026-05-10T18:41:25.868097196Z","published":"2026-05-06T14:46:19.411Z","database_specific":{"severity":"Medium","cpes":["cpe:2.3:a:bellsoft:libericajdk:*:*:*:*:*:*:*:*"]},"references":[{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2026/03/03/8"},{"type":"WEB","url":"https://gitlab.com/freetype/freetype/-/commit/fc85a255849229c024c8e65f536fe1875d84841c"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-23865"},{"type":"WEB","url":"https://sourceforge.net/projects/freetype/files/freetype2/2.14.2/"},{"type":"WEB","url":"https://www.facebook.com/security/advisories/cve-2026-23865"}],"affected":[{"package":{"name":"java-min","ecosystem":"Bitnami","purl":"pkg:bitnami/java-min"},"ranges":[{"type":"SEMVER","events":[{"introduced":"9.0.0"},{"fixed":"11.0.31"},{"introduced":"12.0.0"},{"fixed":"17.0.19"},{"introduced":"18.0.0"},{"fixed":"21.0.11"},{"introduced":"22.0.0"},{"fixed":"25.0.3"},{"introduced":"26.0.0"},{"fixed":"26.0.1"}]}],"database_specific":{"source":"https://github.com/bitnami/vulndb/tree/main/data/java-min/BIT-java-min-2026-23865.json"},"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}]}],"schema_version":"1.7.5"}