An integer overflow in the tt_var_load_item_variation_store function of the FreeType library in versions 2.13.2 and 2.13.3 may allow an out-of-bounds read when parsing HVAR/VVAR/MVAR tables in OpenType variable fonts. This issue is fixed in version 2.14.2.
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
Exploitability: AV:L, AC:L, PR:N, UI:R
Scope: S:U
Impact: C:L, I:L, A:L