CVE-2025-23022

Name: CVE-2025-23022
Description: FreeType 2.8.1 has a signed integer overflow in cf2_doFlex in cff/cf2intrp.c.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Notes

Bogus fuzzing report for a seven-year-old copy of FreeType
https://gitlab.freedesktop.org/freetype/freetype/-/issues/1312
