Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-23022

FreeType 2.8.1 has a signed integer overflow in cf2_doFlex in cff/cf2intrp.c.

Published

2025-01-10T15:15:16.967

Last Modified

2025-01-16T21:12:15.537

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 4.0 (MEDIUM)

Weaknesses

Type: Secondary
CWE-190
Type: Primary
CWE-190

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	freetype	freetype	2.8.1	Yes

References

https://gitlab.freedesktop.org/freetype/freetype/-/issues/1312 Exploit ([email protected])
https://security-tracker.debian.org/tracker/CVE-2025-23022 Issue Tracking ([email protected])