{"id":"JLSEC-2026-461","summary":"Integer overflow in FreeType's tt_var_load_item_variation_store may allow an out-of-bounds read when parsing HVAR/VVAR/MVAR tables in OpenType variable fonts","details":"An integer overflow in the tt_var_load_item_variation_store function of the FreeType library in versions 2.13.2 and 2.13.3 may allow for an out of bounds read operation when parsing HVAR/VVAR/MVAR tables in OpenType variable fonts. This issue is fixed in version 2.14.2.","modified":"2026-05-07T15:17:26.602193234Z","published":"2026-05-07T14:50:29.650Z","upstream":["CVE-2026-23865","EUVD-2026-9195","GHSA-878v-mxg6-vj8f"],"database_specific":{"sources":[{"imported":"2026-05-07T14:22:20.015Z","modified":"2026-05-01T17:41:13.433Z","url":"https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2026-23865","database_specific":{"status":"Analyzed"},"published":"2026-03-02T17:16:32.100Z","html_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-23865","id":"CVE-2026-23865"},{"modified":"2026-03-04T03:31:33Z","url":"https://api.github.com/advisories/GHSA-878v-mxg6-vj8f","imported":"2026-05-07T14:22:23.884Z","published":"2026-03-02T18:31:45Z","html_url":"https://github.com/advisories/GHSA-878v-mxg6-vj8f","id":"GHSA-878v-mxg6-vj8f"},{"modified":"2026-03-04T00:16:54Z","url":"https://euvdservices.enisa.europa.eu/api/enisaid?id=EUVD-2026-9195","imported":"2026-05-07T14:22:21.724Z","published":"2026-03-02T16:09:42Z","html_url":"https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-9195","id":"EUVD-2026-9195"}],"license":"CC-BY-4.0"},"references":[{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2026/03/03/8"},{"type":"WEB","url":"https://github.com/advisories/GHSA-878v-mxg6-vj8f"},{"type":"WEB","url":"https://gitlab.com/freetype/freetype/-/commit/fc85a255849229c024c8e65f536fe1875d84841c"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-23865"},{"type":"WEB","url":"https://sourceforge.net/projects/freetype/files/freetype2/2.14.2"},{"type":"WEB","url":"https://sourceforge.net/projects/freetype/files/freetype2/2.1
4.2/"},{"type":"WEB","url":"https://www.facebook.com/security/advisories/cve-2026-23865"}],"affected":[{"package":{"name":"FreeType2_jll","ecosystem":"Julia","purl":"pkg:julia/FreeType2_jll?uuid=d7e528f0-a631-5988-bf34-fe36492bcfd7"},"ranges":[{"type":"SEMVER","events":[{"introduced":"2.13.2+0"},{"fixed":"2.14.3+0"}]}],"database_specific":{"source":"https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2026/JLSEC-2026-461.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C"}]}