CVE-2026-50811
Published Jul 7, 2026
Description
An out-of-bounds read vulnerability exists in FreeType 2.14.3 and versions before commit 5a280ecde6f324de0d226261036e736e0cb49a71 in src/truetype/ttgxvar.c, in the TT_Get_Var_Design implementation used by FT_Get_Var_Design_Coordinates
References
Other References
https://gist.github.com/junius-sec/6dd0fb25b643f89914083a38e5e57ace
https://github.com/freetype/freetype/commit/5a280ecde6f324de0d226261036e736e0cb49a71
https://gitlab.freedesktop.org/freetype/freetype/-/commit/5a280ecde6f324de0d226261036e736e0cb49a71
https://gitlab.freedesktop.org/freetype/freetype/-/issues/1436
Frequently Asked Questions
What is CVE-2026-50811? +
An out-of-bounds read vulnerability exists in FreeType 2.14.3 and versions before commit 5a280ecde6f324de0d226261036e736e0cb49a71 in src/truetype/ttgxvar.c, in the TT_Get_Var_Design implementation used by FT_Get_Var_Design_Coordinates
How do I check if I'm vulnerable to CVE-2026-50811? +
You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.