CVE-2026-50811 in FreeTypeinfo

Summary

by MITRE • 07/08/2026

An out-of-bounds read vulnerability exists in FreeType 2.14.3 and versions before commit 5a280ecde6f324de0d226261036e736e0cb49a71 in src/truetype/ttgxvar.c, in the TT_Get_Var_Design implementation used by FT_Get_Var_Design_Coordinates

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Analysis

by VulDB Data Team • 07/08/2026

The vulnerability under examination represents a critical out-of-bounds read condition within the FreeType font rendering library version 2.14.3 and earlier releases. This flaw resides specifically within the TrueTypeGX variation support implementation located in the file src/truetype/ttgxvar.c. The issue manifests during the execution of FT_Get_Var_Design_Coordinates function which processes variable font design coordinates, making it particularly dangerous as it affects one of the core font processing routines used by numerous applications and operating systems.

The technical root cause stems from inadequate input validation within the TT_Get_Var_Design implementation where the code fails to properly bounds-check array accesses when processing variation data structures. When an application attempts to retrieve variable design coordinates from a malformed or maliciously constructed TrueTypeGX font file, the implementation reads beyond allocated memory boundaries, potentially exposing sensitive data or causing application crashes. This type of vulnerability falls under CWE-129 which specifically addresses insufficient bounds checking for buffer access operations.

The operational impact of this vulnerability extends across multiple domains where FreeType is integrated including web browsers, desktop applications, operating systems, and mobile platforms that rely on font rendering capabilities. Attackers could exploit this weakness by crafting specially designed font files that trigger the out-of-bounds read condition when processed by vulnerable applications. The consequences may include arbitrary code execution, denial of service attacks, or information disclosure depending on how the vulnerable system handles memory access violations. This vulnerability directly aligns with ATT&CK technique T1059.007 for process injection and T1499.004 for network disruption through application vulnerabilities.

Mitigation strategies should prioritize immediate patching of FreeType to versions containing the fix referenced in commit 5a280ecde6f324de0d226261036e736e0cb49a71. System administrators should also implement font validation mechanisms at network boundaries and application levels to filter potentially malicious font files before processing. Additional protective measures include running applications with restricted privileges, enabling address space layout randomization, and employing memory protection mechanisms such as stack canaries to detect and prevent exploitation attempts. Organizations should conduct comprehensive vulnerability assessments to identify all systems utilizing vulnerable FreeType versions and ensure proper patch management procedures are in place to maintain security posture against similar future vulnerabilities.

Responsible

MITRE

Reservation

06/07/2026

Disclosure

07/08/2026

Moderation

accepted

CPE

ready

EPSS

0.00000

KEV

no

Activities

very low

Sources

Interested in the pricing of exploits?

See the underground prices here!