CVE-2026-23865

Publication date 2 March 2026

Last updated 27 May 2026

Ubuntu priority

Medium

Why this priority?

Cvss 3 Severity Score

5.3 · Medium

Score breakdown

Description

An integer overflow in the tt_var_load_item_variation_store function of the Freetype library in versions 2.13.2 and 2.13.3 may allow for an out of bounds read operation when parsing HVAR/VVAR/MVAR tables in OpenType variable fonts. This issue is fixed in version 2.14.2.

Status

Package Ubuntu Release Status
freetype 26.04 LTS resolute
Not affected
25.10 questing
Fixed 2.13.3+dfsg-1ubuntu0.1
24.04 LTS noble
Fixed 2.13.2+dfsg-1ubuntu0.1
22.04 LTS jammy
Not affected
20.04 LTS focal
Not affected
18.04 LTS bionic
Not affected
16.04 LTS xenial
Not affected
14.04 LTS trusty
Not affected
openjdk-8 26.04 LTS resolute
Needs evaluation
25.10 questing
Needs evaluation
24.04 LTS noble
Needs evaluation
22.04 LTS jammy
Needs evaluation
20.04 LTS focal
Needs evaluation
18.04 LTS bionic
Needs evaluation
16.04 LTS xenial
Needs evaluation
openjdk-9 26.04 LTS resolute Not in release
25.10 questing Not in release
24.04 LTS noble Not in release
22.04 LTS jammy Not in release
16.04 LTS xenial Ignored end of ESM support, was ignored [no longer supported by upstream]
openjdk-lts 26.04 LTS resolute
Needs evaluation
25.10 questing
Needs evaluation
24.04 LTS noble
Needs evaluation
22.04 LTS jammy
Needs evaluation
20.04 LTS focal
Needs evaluation
18.04 LTS bionic
Needs evaluation
openjdk-13 26.04 LTS resolute Not in release
25.10 questing Not in release
24.04 LTS noble Not in release
22.04 LTS jammy Not in release
20.04 LTS focal Ignored superseded by openjdk-17
openjdk-16 26.04 LTS resolute Not in release
25.10 questing Not in release
24.04 LTS noble Not in release
22.04 LTS jammy Not in release
20.04 LTS focal Ignored superseded by openjdk-17
openjdk-17 26.04 LTS resolute
Needs evaluation
25.10 questing
Needs evaluation
24.04 LTS noble
Needs evaluation
22.04 LTS jammy
Needs evaluation
20.04 LTS focal
Needs evaluation
18.04 LTS bionic
Needs evaluation
openjdk-17-crac 26.04 LTS resolute
Needs evaluation
25.10 questing
Needs evaluation
24.04 LTS noble Not in release
22.04 LTS jammy Not in release
openjdk-18 26.04 LTS resolute Not in release
25.10 questing Not in release
24.04 LTS noble Not in release
22.04 LTS jammy Ignored superseded by openjdk-19
openjdk-21 26.04 LTS resolute
Needs evaluation
25.10 questing
Needs evaluation
24.04 LTS noble
Needs evaluation
22.04 LTS jammy
Needs evaluation
20.04 LTS focal
Needs evaluation
openjdk-21-crac 26.04 LTS resolute
Needs evaluation
25.10 questing
Needs evaluation
24.04 LTS noble Not in release
22.04 LTS jammy Not in release
openjdk-25 26.04 LTS resolute
Needs evaluation
25.10 questing
Needs evaluation
24.04 LTS noble
Needs evaluation
22.04 LTS jammy
Needs evaluation

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package Patch details
freetype

Severity score breakdown

Parameter Value
Base score 5.3 · Medium
Attack vector Local
Attack complexity Low
Privileges required None
User interaction Required
Scope Unchanged
Confidentiality Low
Integrity impact Low
Availability impact Low
Vector CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

References

Related Ubuntu Security Notices (USN)

    • USN-8330-1
    • OpenJDK 8 vulnerabilities
    • 28 May 2026
    • USN-8331-1
    • OpenJDK 11 vulnerabilities
    • 28 May 2026
    • USN-8332-1
    • CRaC JDK 17 vulnerabilities
    • 28 May 2026
    • USN-8333-1
    • CRaC JDK 21 vulnerabilities
    • 28 May 2026
    • USN-8334-1
    • CRaC JDK 25 vulnerabilities
    • 28 May 2026
    • USN-8327-1
    • OpenJDK 17 vulnerabilities
    • 28 May 2026
    • USN-8328-1
    • OpenJDK 21 vulnerabilities
    • 28 May 2026
    • USN-8341-1
    • OpenJDK 26 vulnerabilities
    • 28 May 2026
    • USN-8339-1
    • OpenJDK 25 vulnerabilities
    • 28 May 2026

Other references

Access our resources on patching vulnerabilities