GHSA-v5fr-wv7c-jq2mMediumCVSS 6.5
An out-of-bounds read vulnerability exists in FreeType 2.14.3 and versions before commit...
🔗 CVE IDs covered (1)
📋 Description
An out-of-bounds read vulnerability exists in FreeType 2.14.3 and versions before commit 5a280ecde6f324de0d226261036e736e0cb49a71 in src/truetype/ttgxvar.c, in the TT_Get_Var_Design implementation used by FT_Get_Var_Design_Coordinates
🔗 References (7)
- https://nvd.nist.gov/vuln/detail/CVE-2026-50811
- https://github.com/freetype/freetype/commit/5a280ecde6f324de0d226261036e736e0cb49a71
- https://gist.github.com/junius-sec/6dd0fb25b643f89914083a38e5e57ace
- https://gitlab.freedesktop.org/freetype/freetype/-/commit/5a280ecde6f324de0d226261036e736e0cb49a71
- https://gitlab.freedesktop.org/freetype/freetype/-/issues/1436
- https://gitlab.freedesktop.org/freetype/freetype/-/work_items/1436
- https://github.com/advisories/GHSA-v5fr-wv7c-jq2m