CVE-2026-50811
This CVE affects FreeType 2.14.3 and earlier builds up to commit 5a280ecde6f324de0d226261036e736e0cb49a71, in src/truetype/ttgxvar.c within TT_Get_Var_Design (used by FT_Get_Var_Design_Coordinates). The vulnerability is an out-of-bounds read in TT_Get_Var_Design, with the underlying cause describ...