FreeType Heap Buffer Overflow via Improper Limit Calculation in TrueType SHZ Instruction

56% confidence

Description

A heap buffer overflow vulnerability exists in the FreeType library's TrueType bytecode interpreter. The vulnerability is triggered by the SHZ (Shift Zone) instruction when executed within a composite glyph context. Improper calculation of the loop limit leads to an out-of-bounds memory access (both read and write) in the Move_Zp2_Point function. An attacker can leverage this to cause an application crash or potentially achieve arbitrary code execution.

Affected Products

Vendor	Product	Versions
freetype-project.org	—	—

Related News (1 articles)

Tier C

oss-security4h ago

Project Zero discloses 4 bugs in FreeType

→ No new info (linked only)

CISA KEV❌ No

Actively exploited❌ No

PublishedJun 6, 2026

Last enriched3h ago

Trending Score20

Source articles1

Independent1

Info Completeness3/14

Missing: cve_id, product, versions, cvss, epss, cwe, kev, exploit, patch, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

FreeType Heap Buffer Overflow via Improper Limit Calculation in TrueType SHZ Instruction

Description

Affected Products

Related News (1 articles)

Community Vote

Pin to Dashboard

Verification

Vulnerability Timeline