CVE-2026-23865

medium

Red Hat

CVSS v3 Base Score

5.3

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

EPSS Score

0.0%

Exploitation probability in 30 days

Top 98% most likely to be exploited

Attack Characteristics

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Confidentiality

Low

Integrity

Low

Availability

Low

Published: March 2, 2026 (73 days ago)

Last Modified: March 2, 2026

Vendor: Red Hat

Description

An integer overflow in the tt_var_load_item_variation_store function of the Freetype library in versions 2.13.2 and 2.13.3 may allow for an out of bounds read operation when parsing HVAR/VVAR/MVAR tables in OpenType variable fonts. This issue is fixed in version 2.14.2.

Affected Products

Logging Subsystem for Red Hat OpenShiftRed Hat build of OpenJDK 11 ELSRed Hat build of OpenJDK 17Red Hat build of OpenJDK 21Red Hat build of OpenJDK 25Red Hat Enterprise Linux 10Red Hat Enterprise Linux 6Red Hat Enterprise Linux 7Red Hat Enterprise Linux 8Red Hat Enterprise Linux 9

References

🔗 bugzilla.redhat.com 🔗 www.cve.org 🔗 nvd.nist.gov 🔗 gitlab.com 🔗 sourceforge.net

CVE-2026-23865

Vulnerability Report

Description

Affected Products

References