Fluid Attacks Database

Description

An integer overflow in the tt_var_load_item_variation_store function of the Freetype library in versions 2.13.2 and 2.13.3 may allow for an out of bounds read operation when parsing HVAR/VVAR/MVAR tables in OpenType variable fonts. This issue is fixed in version 2.14.2.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 14	freetype	=2.13.3+dfsg-1 \|\| =2.14.1+dfsg-1 \|\| =2.14.1+dfsg-2 \|\| >=0 <2.14.2+dfsg-1	2.14.2+dfsg-1
debian 13	freetype	=2.13.3+dfsg-1 \|\| >=0 <2.13.3+dfsg-1+deb13u1	2.13.3+dfsg-1+deb13u1
rpm rhel10	java-25-openjdk	<1:25.0.3.0.9-1.el10_2	1:25.0.3.0.9-1.el10_2
rpm rhel8	java-17-openjdk	<1:17.0.19.0.10-1.el8	1:17.0.19.0.10-1.el8
rpm rhel8	mingw-freetype	-	-
rpm rhel9	java-1.8.0-openjdk	<1:1.8.0.492.b09-2.el9	1:1.8.0.492.b09-2.el9
rpm rhel8	firefox	-	-
rpm rhel9	java-17-openjdk	<1:17.0.19.0.10-2.el9	1:17.0.19.0.10-2.el9
rpm rhel9	java-21-openjdk	<1:21.0.11.0.10-2.el9	1:21.0.11.0.10-2.el9
rpm rhel9	java-25-openjdk	<1:25.0.3.0.9-1.el9	1:25.0.3.0.9-1.el9

1-10 of 44

Aliases

1. CVE-2026-238652. NVD-2026-238653. OSV-DEBIAN-2026-238654. OSV-2026-238655. SECURITY-TRACKER-CVE-2026-23865

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.