SB2026031141 - OpenBSD update for FreeType
Published: March 11, 2026
Security Bulletin ID
SB2026031141
Severity
Medium
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Data manipulation
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Integer overflow (CVE-ID: CVE-2026-23865)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to integer overflow within the tt_var_load_item_variation_store() function when parsing HVAR/VVAR/MVAR tables in OpenType variable fonts. A remote attacker can trick the victim into opening a specially crafted file, trigger an integer overflow and read memory contents on the system.
Remediation
Install update from vendor's website.
References
- http://www.openbsd.org/errata77.html#026"
- http://www.openbsd.org/errata77.html#026</a></p><p><a
- http://www.openbsd.org/errata78.html#020"
- http://www.openbsd.org/errata78.html#020</a></p><p><a
- https://ftp.openbsd.org/pub/OpenBSD/patches/7.7/common/026_freetype.patch.sig"
- https://ftp.openbsd.org/pub/OpenBSD/patches/7.7/common/026_freetype.patch.sig</a></p><p>
- https://ftp.openbsd.org/pub/OpenBSD/patches/7.8/common/020_freetype.patch.sig</p><p><br></p>