NIXPKGS-2026-0498

GitHub issue published 3 months, 3 weeks ago

Permalink CVE-2026-23865

5.3 MEDIUM

CVSS version (CVSS): 3.1
Attack Vector (AV): Local (L)
Attack Complexity (AC): Low (L)
Privileges Required (PR): None (N)
User Interaction (UI): Required (R)
Scope (S): Unchanged (U)
Confidentiality (C): Low (L)
Integrity (I): Low (L)
Availability (A): Low (L)
Exploit Code Maturity (E): Unproven (U)
Remediation Level (RL): Official Fix (O)
Report Confidence (RC): Confirmed (C)
Modified Attack Vector (MAV): Local (L)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): Required (R)
Modified Confidentiality (MC): Low (L)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): Low (L)
Modified Availability (MA): Low (L)

updated 3 months, 3 weeks ago by @LeSuisse Activity log

Created suggestion 3 months, 3 weeks ago
@LeSuisse ignored
8 packages
- haskellPackages.freetype2
- sbclPackages.cl-freetype2
- haskellPackages.gi-freetype2
- python312Packages.freetype-py
- python313Packages.freetype-py
- python314Packages.freetype-py
- chickenPackages_5.chickenEggs.freetype
- tests.pkg-config.defaultPkgConfigPackages.freetype2
3 months, 3 weeks ago
@LeSuisse accepted 3 months, 3 weeks ago
@LeSuisse published on GitHub 3 months, 3 weeks ago

An integer overflow in the tt_var_load_item_variation_store function of the Freetype …

An integer overflow in the tt_var_load_item_variation_store function of the Freetype library in versions 2.13.2 and 2.13.3 may allow for an out of bounds read operation when parsing HVAR/VVAR/MVAR tables in OpenType variable fonts. This issue is fixed in version 2.14.2.

References

https://www.facebook.com/security/advisories/cve-2026-23865 x_refsource_CONFIRM
https://gitlab.com/freetype/freetype/-/commit/fc85a255849229c024c8e65f536fe1875… x_refsource_CONFIRM
https://sourceforge.net/projects/freetype/files/freetype2/2.14.2/ x_refsource_CONFIRM

Affected products

FreeType

=<2.13.3
=<2.14.1

Matching in nixpkgs

pkgs.freetype

Font rendering engine

nixos-unstable 2.13.3
- nixpkgs-unstable 2.13.3
- nixos-unstable-small 2.13.3

Ignored packages (8)

pkgs.haskellPackages.freetype2

Haskell bindings for FreeType 2 library

nixos-unstable 0.2.0
- nixpkgs-unstable 0.2.0
- nixos-unstable-small 0.2.0

pkgs.sbclPackages.cl-freetype2

None

nixos-unstable freetype2-20241012-git
- nixpkgs-unstable freetype2-20241012-git
- nixos-unstable-small freetype2-20241012-git

pkgs.haskellPackages.gi-freetype2

freetype2 bindings

nixos-unstable freetype2-2.0.5
- nixpkgs-unstable freetype2-2.0.5
- nixos-unstable-small freetype2-2.0.5

pkgs.python312Packages.freetype-py

None

pkgs.python313Packages.freetype-py

FreeType (high-level Python API)

nixos-unstable 2.5.1
- nixpkgs-unstable 2.5.1
- nixos-unstable-small 2.5.1

pkgs.python314Packages.freetype-py

FreeType (high-level Python API)

nixos-unstable 2.5.1
- nixpkgs-unstable 2.5.1
- nixos-unstable-small 2.5.1

pkgs.chickenPackages_5.chickenEggs.freetype

Freetype2 Interface

nixos-unstable 0.3
- nixpkgs-unstable 0.3
- nixos-unstable-small 0.3

pkgs.tests.pkg-config.defaultPkgConfigPackages.freetype2

Test whether freetype-2.13.3 exposes pkg-config modules freetype2

nixos-unstable -
- nixpkgs-unstable
- nixos-unstable-small

Package maintainers

@ttuegel Thomas Tuegel <ttuegel@mailbox.org>

Upstream patch: https://gitlab.com/freetype/freetype/-/commit/fc85a255849229c024c8e65f536fe1875d84841c
Advisory: https://www.facebook.com/security/advisories/cve-2026-23865

Nixpkgs security tracker

Details of issue NIXPKGS-2026-0498