PatchSiren cyber security CVE debrief
CVE-2026-50811 FreeType CVE debrief
CVE-2026-50811 is an out-of-bounds read vulnerability in FreeType 2.14.3 and versions before commit 5a280ecde6f324de0d226261036e736e0cb49a71 in src/truetype/ttgxvar.c, in the TT_Get_Var_Design implementation used by FT_Get_Var_Design_Coordinates. This vulnerability has a medium defensive priority. Evidence is limited; verify affected scope with inventory checks and monitor for vendor remediation. The vulnerability exists in the TT_Get_Var_Design implementation used by FT_Get_Var_Design_Coordinates. Limited evidence is available; further verification is required.
- Vendor
- FreeType
- Product
- FreeType 2.14.3
- CVSS
- Unknown
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-07
- Original CVE updated
- 2026-07-07
- Advisory published
- 2026-07-07
- Advisory updated
- 2026-07-07
Who should care
Users of FreeType 2.14.3 and versions before commit 5a280ecde6f324de0d226261036e736e0cb49a71 should verify their affected scope and monitor for vendor remediation. This includes operators, platform administrators, vulnerability management teams, and security teams.
Technical summary
The vulnerability exists in the TT_Get_Var_Design implementation used by FT_Get_Var_Design_Coordinates in FreeType 2.14.3 and versions before commit 5a280ecde6f324de0d226261036e736e0cb49a71. Limited evidence is available; further verification is required. Affected product deployments should be verified, and compensating controls should be reviewed. This includes operators, platform administrators, vulnerability management teams, and security teams. Evidence is limited; verify primary official records. Affected scope and vendor remediation status are unknown. Limited evidence suggests FreeType 2.14.3 and versions before commit 5a280ecde6f324de0d226261036e736e0cb49a71 are affected. Verify affected scope with inventory checks and monitor for vendor remediation status. Official CVE record and NVD details provide additional context.
Defensive priority
Medium
Recommended defensive actions
- Verify affected scope with inventory checks
- Monitor for vendor remediation
- Implement compensating controls
- Exception tracking and retest
- Review official advisory or CVE record
- Plan vendor-supported updates or mitigations
- Check relevant monitoring, detection, and logs
Evidence notes
Evidence is limited; verify primary official records. Affected scope and vendor remediation status are unknown. Limited evidence suggests FreeType 2.14.3 and versions before commit 5a280ecde6f324de0d226261036e736e0cb49a71 are affected. Verify affected scope with inventory checks and monitor for vendor remediation status. Official CVE record and NVD details provide additional context.
Official resources
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-07T23:16:55.017Z and has not been modified since then.