UBUNTU-CVE-2026-50811

Source
https://ubuntu.com/security/CVE-2026-50811
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-50811.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2026-50811
Upstream
Published
2026-07-07T23:16:00Z
Modified
2026-07-16T20:37:26.024054857Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L CVSS Calculator
  • Ubuntu - medium
Summary
[none]
Details

An out-of-bounds read vulnerability exists in FreeType 2.14.3 and versions before commit 5a280ecde6f324de0d226261036e736e0cb49a71 in src/truetype/ttgxvar.c, in the TTGetVarDesign implementation used by FTGetVarDesign_Coordinates

References

Affected packages

Ubuntu:25.10 / freetype

Package

Name
freetype
Purl
pkg:deb/ubuntu/freetype?arch=source&distro=questing

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2.*
2.13.3+dfsg-1
2.13.3+dfsg-1build1
2.13.3+dfsg-1ubuntu0.1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "freetype2-demos",
            "binary_version": "2.13.3+dfsg-1ubuntu0.1"
        },
        {
            "binary_name": "libfreetype6",
            "binary_version": "2.13.3+dfsg-1ubuntu0.1"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-50811.json"

Ubuntu:26.04:LTS / freetype

Package

Name
freetype
Purl
pkg:deb/ubuntu/freetype?arch=source&distro=resolute

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2.*
2.13.3+dfsg-1build1
2.14.1+dfsg-1
2.14.1+dfsg-2
2.14.2+dfsg-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "freetype2-demos",
            "binary_version": "2.14.2+dfsg-1"
        },
        {
            "binary_name": "libfreetype6",
            "binary_version": "2.14.2+dfsg-1"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-50811.json"