Nixpkgs security tracker

Login with GitHub

⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestions search

All statuses

Filter by:

With package: freetype

Found 1 matching suggestions

View:

Compact

Detailed

Untriaged

Permalink CVE-2026-23865

5.3 MEDIUM

CVSS version: 3.1
Attack vector (AV):
Attack complexity (AC):
Privileges required (PR):
User interaction (UI):
Scope (S):
Confidentiality impact (C):
Integrity impact (I):
Availability impact (A):

created 1 month, 3 weeks ago Activity log

Created suggestion 1 month, 3 weeks ago

An integer overflow in the tt_var_load_item_variation_store function of the Freetype …

An integer overflow in the tt_var_load_item_variation_store function of the Freetype library in versions 2.13.2 and 2.13.3 may allow for an out of bounds read operation when parsing HVAR/VVAR/MVAR tables in OpenType variable fonts. This issue is fixed in version 2.14.2.

References

https://www.facebook.com/security/advisories/cve-2026-23865 x_refsource_CONFIRM
https://gitlab.com/freetype/freetype/-/commit/fc85a255849229c024c8e65f536fe1875… x_refsource_CONFIRM
https://sourceforge.net/projects/freetype/files/freetype2/2.14.2/ x_refsource_CONFIRM

Affected products

FreeType

=<2.14.1
=<2.13.3

Matching in nixpkgs

pkgs.freetype

Font rendering engine

nixos-unstable 2.13.3
- nixpkgs-unstable 2.13.3
- nixos-unstable-small 2.13.3
nixos-25.11 2.13.3
- nixos-25.11-small 2.13.3
- nixpkgs-25.11-darwin 2.13.3

pkgs.haskellPackages.freetype2

Haskell bindings for FreeType 2 library

nixos-unstable 0.2.0
- nixpkgs-unstable 0.2.0
- nixos-unstable-small 0.2.0
nixos-25.11 0.2.0
- nixos-25.11-small 0.2.0
- nixpkgs-25.11-darwin 0.2.0

pkgs.sbclPackages.cl-freetype2

None

nixos-unstable freetype2-20241012-git
- nixpkgs-unstable freetype2-20241012-git
- nixos-unstable-small freetype2-20241012-git
nixos-25.11 freetype2-20241012-git
- nixos-25.11-small freetype2-20241012-git
- nixpkgs-25.11-darwin freetype2-20241012-git

pkgs.haskellPackages.gi-freetype2

freetype2 bindings

nixos-unstable freetype2-2.0.5
- nixpkgs-unstable freetype2-2.0.5
- nixos-unstable-small freetype2-2.0.5
nixos-25.11 freetype2-2.0.5
- nixos-25.11-small freetype2-2.0.5
- nixpkgs-25.11-darwin freetype2-2.0.5

pkgs.python312Packages.freetype-py

FreeType (high-level Python API)

nixos-25.11 2.5.1
- nixos-25.11-small 2.5.1
- nixpkgs-25.11-darwin 2.5.1

pkgs.python313Packages.freetype-py

FreeType (high-level Python API)

nixos-unstable 2.5.1
- nixpkgs-unstable 2.5.1
- nixos-unstable-small 2.5.1
nixos-25.11 2.5.1
- nixos-25.11-small 2.5.1
- nixpkgs-25.11-darwin 2.5.1

pkgs.python314Packages.freetype-py

FreeType (high-level Python API)

nixos-unstable 2.5.1
- nixpkgs-unstable 2.5.1
- nixos-unstable-small 2.5.1

pkgs.chickenPackages_5.chickenEggs.freetype

Freetype2 Interface

nixos-unstable 0.3
- nixpkgs-unstable 0.3
- nixos-unstable-small 0.3
nixos-25.11 0.3
- nixos-25.11-small 0.3
- nixpkgs-25.11-darwin 0.3

pkgs.tests.pkg-config.defaultPkgConfigPackages.freetype2

Test whether freetype-2.13.3 exposes pkg-config modules freetype2

nixos-unstable -
- nixpkgs-unstable
- nixos-unstable-small
nixos-25.11 -
- nixos-25.11-small
- nixpkgs-25.11-darwin

Package maintainers

@ttuegel Thomas Tuegel <ttuegel@mailbox.org>
@goertzenator Daniel Goertzen <daniel.goertzen@gmail.com>
@7c6f434c Michael Raskin <7c6f434c@mail.ru>
@nagy Daniel Nagy <danielnagy@posteo.de>
@lukego Luke Gorrie <luke@snabb.co>
@Uthar Kasper Gałkowski <galkowskikasper@gmail.com>
@hraban Hraban Luyat <hraban@0brg.net>

1