{ "threat_severity" : "Moderate", "public_date" : "2026-03-02T16:09:42Z", "bugzilla" : { "description" : "freetype: Freetype: Information disclosure or denial of service via specially crafted font files", "id" : "2443891", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2443891" }, "cvss3" : { "cvss3_base_score" : "5.3", "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "status" : "verified" }, "details" : [ "An integer overflow in the tt_var_load_item_variation_store function of the Freetype library in versions 2.13.2 and 2.13.3 may allow for an out of bounds read operation when parsing HVAR/VVAR/MVAR tables in OpenType variable fonts. This issue is fixed in version 2.14.2.", "A flaw was found in Freetype. An integer overflow vulnerability exists when processing specially crafted OpenType variable fonts. A local attacker could exploit this by convincing a user to open a malicious font file, which may lead to an out-of-bounds read and potential information disclosure or denial of service." ], "statement" : "This is a MODERATE impact vulnerability. An integer overflow in the Freetype library can lead to an out-of-bounds read when processing specially crafted OpenType variable fonts. Exploitation requires user interaction, such as opening a malicious font file.", "affected_release" : [ { "product_name" : "OPENJDK ELS 11.0.31", "release_date" : "2026-04-22T00:00:00Z", "advisory" : "RHSA-2026:9255", "cpe" : "cpe:/a:redhat:openjdk_els:11", "package" : "java-11-openjdk-portable" }, { "product_name" : "OPENJDK ELS 11.0.31", "release_date" : "2026-04-22T00:00:00Z", "advisory" : "RHSA-2026:9256", "cpe" : "cpe:/a:redhat:openjdk_els:11", "package" : "java-11-openjdk-windows" }, { "product_name" : "Red Hat Build of OpenJDK 17.0.19", "release_date" : "2026-04-23T00:00:00Z", "advisory" : "RHSA-2026:9688", "cpe" : "cpe:/a:redhat:openjdk:17", "package" : "java-17-openjdk-windows" }, { "product_name" : "Red Hat Build of OpenJDK 17.0.9", "release_date" : "2026-04-23T00:00:00Z", "advisory" : "RHSA-2026:9687", "cpe" : "cpe:/a:redhat:openjdk:17", "package" : "java-17-openjdk-portable" }, { "product_name" : "Red Hat Build of OpenJDK 21.0.11", "release_date" : "2026-04-23T00:00:00Z", "advisory" : "RHSA-2026:9690", "cpe" : "cpe:/a:redhat:openjdk:21", "package" : "java-21-openjdk-portable" }, { "product_name" : "Red Hat Build of OpenJDK 21.0.11", "release_date" : "2026-04-23T00:00:00Z", "advisory" : "RHSA-2026:9691", "cpe" : "cpe:/a:redhat:openjdk:21", "package" : "java-21-openjdk-windows" }, { "product_name" : "Red Hat Build of OpenJDK 25.0.3", "release_date" : "2026-04-23T00:00:00Z", "advisory" : "RHSA-2026:9694", "cpe" : "cpe:/a:redhat:openjdk:25", "package" : "java-25-openjdk-portable" }, { "product_name" : "Red Hat Build of OpenJDK 8u492", "release_date" : "2026-04-23T00:00:00Z", "advisory" : "RHSA-2026:9684", "cpe" : "cpe:/a:redhat:openjdk:1.8", "package" : "java-1.8.0-openjdk-portable" }, { "product_name" : "Red Hat Build of OpenJDK 8u492", "release_date" : "2026-04-23T00:00:00Z", "advisory" : "RHSA-2026:9685", "cpe" : "cpe:/a:redhat:openjdk:1.8", "package" : "java-1.8.0-openjdk-windows" }, { "product_name" : "Red Hat Enterprise Linux 10", "release_date" : "2026-04-24T00:00:00Z", "advisory" : "RHSA-2026:9689", "cpe" : "cpe:/o:redhat:enterprise_linux:10.1", "package" : "java-21-openjdk-1:21.0.11.0.10-2.el10_2" }, { "product_name" : "Red Hat Enterprise Linux 10", "release_date" : "2026-04-22T00:00:00Z", "advisory" : "RHSA-2026:9693", "cpe" : "cpe:/o:redhat:enterprise_linux:10.1", "package" : "java-25-openjdk-1:25.0.3.0.9-1.el10_2" }, { "product_name" : "Red Hat Enterprise Linux 10.0 Extended Update Support", "release_date" : "2026-04-24T00:00:00Z", "advisory" : "RHSA-2026:9689", "cpe" : "cpe:/o:redhat:enterprise_linux_eus:10.0", "package" : "java-21-openjdk-1:21.0.11.0.10-1.el10_2" }, { "product_name" : "Red Hat Enterprise Linux 7 Extended Lifecycle Support", "release_date" : "2026-04-22T00:00:00Z", "advisory" : "RHSA-2026:9682", "cpe" : "cpe:/o:redhat:rhel_els:7", "package" : "java-1.8.0-openjdk-1:1.8.0.492.b09-1.el7_9" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2026-04-24T00:00:00Z", "advisory" : "RHSA-2026:9683", "cpe" : "cpe:/a:redhat:enterprise_linux:8", "package" : "java-1.8.0-openjdk-1:1.8.0.492.b09-1.el8" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2026-04-24T00:00:00Z", "advisory" : "RHSA-2026:9686", "cpe" : "cpe:/a:redhat:enterprise_linux:8", "package" : "java-17-openjdk-1:17.0.19.0.10-1.el8" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2026-04-24T00:00:00Z", "advisory" : "RHSA-2026:9689", "cpe" : "cpe:/a:redhat:enterprise_linux:8", "package" : "java-21-openjdk-1:21.0.11.0.10-1.el8" }, { "product_name" : "Red Hat Enterprise Linux 8.2 Advanced Update Support", "release_date" : "2026-04-24T00:00:00Z", "advisory" : "RHSA-2026:9683", "cpe" : "cpe:/a:redhat:rhel_aus:8.2", "package" : "java-1.8.0-openjdk-1:1.8.0.492.b09-1.el8" }, { "product_name" : "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "release_date" : "2026-04-24T00:00:00Z", "advisory" : "RHSA-2026:9683", "cpe" : "cpe:/a:redhat:rhel_aus:8.4", "package" : "java-1.8.0-openjdk-1:1.8.0.492.b09-1.el8" }, { "product_name" : "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "release_date" : "2026-04-24T00:00:00Z", "advisory" : "RHSA-2026:9686", "cpe" : "cpe:/a:redhat:rhel_aus:8.4", "package" : "java-17-openjdk-1:17.0.19.0.10-1.el8" }, { "product_name" : "Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On", "release_date" : "2026-04-24T00:00:00Z", "advisory" : "RHSA-2026:9683", "cpe" : "cpe:/a:redhat:rhel_eus_long_life:8.4", "package" : "java-1.8.0-openjdk-1:1.8.0.492.b09-1.el8" }, { "product_name" : "Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On", "release_date" : "2026-04-24T00:00:00Z", "advisory" : "RHSA-2026:9686", "cpe" : "cpe:/a:redhat:rhel_eus_long_life:8.4", "package" : "java-17-openjdk-1:17.0.19.0.10-1.el8" }, { "product_name" : "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", "release_date" : "2026-04-24T00:00:00Z", "advisory" : "RHSA-2026:9683", "cpe" : "cpe:/a:redhat:rhel_aus:8.6", "package" : "java-1.8.0-openjdk-1:1.8.0.492.b09-1.el8" }, { "product_name" : "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", "release_date" : "2026-04-24T00:00:00Z", "advisory" : "RHSA-2026:9686", "cpe" : "cpe:/a:redhat:rhel_aus:8.6", "package" : "java-17-openjdk-1:17.0.19.0.10-1.el8" }, { "product_name" : "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", "release_date" : "2026-04-24T00:00:00Z", "advisory" : "RHSA-2026:9683", "cpe" : "cpe:/a:redhat:rhel_tus:8.6", "package" : "java-1.8.0-openjdk-1:1.8.0.492.b09-1.el8" }, { "product_name" : "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", "release_date" : "2026-04-24T00:00:00Z", "advisory" : "RHSA-2026:9686", "cpe" : "cpe:/a:redhat:rhel_tus:8.6", "package" : "java-17-openjdk-1:17.0.19.0.10-1.el8" }, { "product_name" : "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", "release_date" : "2026-04-24T00:00:00Z", "advisory" : "RHSA-2026:9683", "cpe" : "cpe:/a:redhat:rhel_e4s:8.6", "package" : "java-1.8.0-openjdk-1:1.8.0.492.b09-1.el8" }, { "product_name" : "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", "release_date" : "2026-04-24T00:00:00Z", "advisory" : "RHSA-2026:9686", "cpe" : "cpe:/a:redhat:rhel_e4s:8.6", "package" : "java-17-openjdk-1:17.0.19.0.10-1.el8" }, { "product_name" : "Red Hat Enterprise Linux 8.8 Telecommunications Update Service", "release_date" : "2026-04-24T00:00:00Z", "advisory" : "RHSA-2026:9683", "cpe" : "cpe:/a:redhat:rhel_tus:8.8", "package" : "java-1.8.0-openjdk-1:1.8.0.492.b09-1.el8" }, { "product_name" : "Red Hat Enterprise Linux 8.8 Telecommunications Update Service", "release_date" : "2026-04-24T00:00:00Z", "advisory" : "RHSA-2026:9686", "cpe" : "cpe:/a:redhat:rhel_tus:8.8", "package" : "java-17-openjdk-1:17.0.19.0.10-1.el8" }, { "product_name" : "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions", "release_date" : "2026-04-24T00:00:00Z", "advisory" : "RHSA-2026:9683", "cpe" : "cpe:/a:redhat:rhel_e4s:8.8", "package" : "java-1.8.0-openjdk-1:1.8.0.492.b09-1.el8" }, { "product_name" : "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions", "release_date" : "2026-04-24T00:00:00Z", "advisory" : "RHSA-2026:9686", "cpe" : "cpe:/a:redhat:rhel_e4s:8.8", "package" : "java-17-openjdk-1:17.0.19.0.10-1.el8" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2026-04-24T00:00:00Z", "advisory" : "RHSA-2026:9683", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "java-1.8.0-openjdk-1:1.8.0.492.b09-2.el9" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2026-04-24T00:00:00Z", "advisory" : "RHSA-2026:9686", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "java-17-openjdk-1:17.0.19.0.10-2.el9" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2026-04-24T00:00:00Z", "advisory" : "RHSA-2026:9689", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "java-21-openjdk-1:21.0.11.0.10-2.el9" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2026-04-22T00:00:00Z", "advisory" : "RHSA-2026:9693", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "java-25-openjdk-1:25.0.3.0.9-1.el9" }, { "product_name" : "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "release_date" : "2026-04-24T00:00:00Z", "advisory" : "RHSA-2026:9683", "cpe" : "cpe:/a:redhat:rhel_e4s:9.0", "package" : "java-1.8.0-openjdk-1:1.8.0.492.b09-1.el9" }, { "product_name" : "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "release_date" : "2026-04-24T00:00:00Z", "advisory" : "RHSA-2026:9686", "cpe" : "cpe:/a:redhat:rhel_e4s:9.0", "package" : "java-17-openjdk-1:17.0.19.0.10-1.el9" }, { "product_name" : "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions", "release_date" : "2026-04-24T00:00:00Z", "advisory" : "RHSA-2026:9683", "cpe" : "cpe:/a:redhat:rhel_e4s:9.2", "package" : "java-1.8.0-openjdk-1:1.8.0.492.b09-1.el9" }, { "product_name" : "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions", "release_date" : "2026-04-24T00:00:00Z", "advisory" : "RHSA-2026:9686", "cpe" : "cpe:/a:redhat:rhel_e4s:9.2", "package" : "java-17-openjdk-1:17.0.19.0.10-1.el9" }, { "product_name" : "Red Hat Enterprise Linux 9.4 Extended Update Support", "release_date" : "2026-04-24T00:00:00Z", "advisory" : "RHSA-2026:9683", "cpe" : "cpe:/a:redhat:rhel_eus:9.4", "package" : "java-1.8.0-openjdk-1:1.8.0.492.b09-1.el9" }, { "product_name" : "Red Hat Enterprise Linux 9.4 Extended Update Support", "release_date" : "2026-04-24T00:00:00Z", "advisory" : "RHSA-2026:9686", "cpe" : "cpe:/a:redhat:rhel_eus:9.4", "package" : "java-17-openjdk-1:17.0.19.0.10-1.el9" }, { "product_name" : "Red Hat Enterprise Linux 9.4 Extended Update Support", "release_date" : "2026-04-24T00:00:00Z", "advisory" : "RHSA-2026:9689", "cpe" : "cpe:/a:redhat:rhel_eus:9.4", "package" : "java-21-openjdk-1:21.0.11.0.10-1.el9" }, { "product_name" : "Red Hat Enterprise Linux 9.6 Extended Update Support", "release_date" : "2026-04-24T00:00:00Z", "advisory" : "RHSA-2026:9683", "cpe" : "cpe:/a:redhat:rhel_eus:9.6", "package" : "java-1.8.0-openjdk-1:1.8.0.492.b09-1.el9" }, { "product_name" : "Red Hat Enterprise Linux 9.6 Extended Update Support", "release_date" : "2026-04-24T00:00:00Z", "advisory" : "RHSA-2026:9686", "cpe" : "cpe:/a:redhat:rhel_eus:9.6", "package" : "java-17-openjdk-1:17.0.19.0.10-1.el9" }, { "product_name" : "Red Hat Enterprise Linux 9.6 Extended Update Support", "release_date" : "2026-04-24T00:00:00Z", "advisory" : "RHSA-2026:9689", "cpe" : "cpe:/a:redhat:rhel_eus:9.6", "package" : "java-21-openjdk-1:21.0.11.0.10-1.el9" }, { "product_name" : "Red Hat OpenJDK 11 els for RHEL 7", "release_date" : "2026-04-22T00:00:00Z", "advisory" : "RHSA-2026:9254", "cpe" : "cpe:/a:redhat:openjdk_els:11::el7", "package" : "java-11-openjdk-1:11.0.31.0.11-1.el7_9" }, { "product_name" : "Red Hat OpenJDK 11 els for RHEL 8", "release_date" : "2026-04-22T00:00:00Z", "advisory" : "RHSA-2026:9254", "cpe" : "cpe:/a:redhat:openjdk_els:11::el8", "package" : "java-11-openjdk-1:11.0.31.0.11-1.el8" }, { "product_name" : "Red Hat OpenJDK 11 els for RHEL 9", "release_date" : "2026-04-22T00:00:00Z", "advisory" : "RHSA-2026:9254", "cpe" : "cpe:/a:redhat:openjdk_els:11::el9", "package" : "java-11-openjdk-1:11.0.31.0.11-1.el9" }, { "product_name" : "Temurin Build of OpenJDK 25.0.3", "release_date" : "2026-04-30T00:00:00Z", "advisory" : "RHSA-2026:11822", "cpe" : "cpe:/a:redhat:openjdk:25", "package" : "java-25-openjdk-windows" }, { "product_name" : "Red Hat Hardened Images", "release_date" : "2026-04-13T00:00:00Z", "advisory" : "RHSA-2026:7933", "cpe" : "cpe:/a:redhat:hummingbird:1", "package" : "freetype-main-2.14.3-1.hum1" } ], "package_state" : [ { "product_name" : "Logging Subsystem for Red Hat OpenShift", "fix_state" : "Fix deferred", "package_name" : "openshift-logging/cluster-logging-operator-bundle", "cpe" : "cpe:/a:redhat:logging:5" }, { "product_name" : "Logging Subsystem for Red Hat OpenShift", "fix_state" : "Fix deferred", "package_name" : "openshift-logging/cluster-logging-rhel9-operator", "cpe" : "cpe:/a:redhat:logging:5" }, { "product_name" : "Logging Subsystem for Red Hat OpenShift", "fix_state" : "Fix deferred", "package_name" : "openshift-logging/eventrouter-rhel9", "cpe" : "cpe:/a:redhat:logging:5" }, { "product_name" : "Logging Subsystem for Red Hat OpenShift", "fix_state" : "Fix deferred", "package_name" : "openshift-logging/fluentd-rhel9", "cpe" : "cpe:/a:redhat:logging:5" }, { "product_name" : "Logging Subsystem for Red Hat OpenShift", "fix_state" : "Fix deferred", "package_name" : "openshift-logging/log-file-metric-exporter-rhel9", "cpe" : "cpe:/a:redhat:logging:5" }, { "product_name" : "Logging Subsystem for Red Hat OpenShift", "fix_state" : "Fix deferred", "package_name" : "openshift-logging/logging-view-plugin-rhel9", "cpe" : "cpe:/a:redhat:logging:5" }, { "product_name" : "Logging Subsystem for Red Hat OpenShift", "fix_state" : "Fix deferred", "package_name" : "openshift-logging/vector-rhel9", "cpe" : "cpe:/a:redhat:logging:5" }, { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Fix deferred", "package_name" : "firefox", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Fix deferred", "package_name" : "freetype", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Fix deferred", "package_name" : "gjs", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Affected", "package_name" : "java-21-ibm-semeru-certified-jdk", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Fix deferred", "package_name" : "thunderbird", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Fix deferred", "package_name" : "freetype", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Out of support scope", "package_name" : "java-1.6.0-openjdk", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Out of support scope", "package_name" : "java-1.7.0-openjdk", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Out of support scope", "package_name" : "java-1.8.0-openjdk", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Fix deferred", "package_name" : "firefox", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Fix deferred", "package_name" : "freetype", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Out of support scope", "package_name" : "java-1.6.0-openjdk", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Out of support scope", "package_name" : "java-1.7.0-openjdk", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Fix deferred", "package_name" : "firefox", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Fix deferred", "package_name" : "freetype", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "java-1.8.0-ibm", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Fix deferred", "package_name" : "mingw-freetype", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Fix deferred", "package_name" : "mozjs60", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Fix deferred", "package_name" : "thunderbird", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Fix deferred", "package_name" : "firefox", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Fix deferred", "package_name" : "freetype", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Fix deferred", "package_name" : "gjs", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Fix deferred", "package_name" : "thunderbird", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Fix deferred", "package_name" : "rhcos", "cpe" : "cpe:/a:redhat:openshift:4" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2026-23865\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-23865\nhttps://gitlab.com/freetype/freetype/-/commit/fc85a255849229c024c8e65f536fe1875d84841c\nhttps://sourceforge.net/projects/freetype/files/freetype2/2.14.2/\nhttps://www.facebook.com/security/advisories/cve-2026-23865\nhttps://www.oracle.com/security-alerts/cpuapr2026.html#AppendixJAVA" ], "name" : "CVE-2026-23865", "csaw" : false }