CVE-2025-23022
Published: October 1, 2025
FreeType 2.8.1 has a signed integer overflow in cf2_doFlex in cff/cf2intrp.c.
MEDIUM
CVSS v3: 4
CVSS v3: 4
Status
| DocFilters Release | Package | State | Justification | Comment |
|---|---|---|---|---|
| 0.0.0.1 | freetype (2.13.3) | Not Affected | Code Not Present | 2.13.3 does not match CVE configuration. |
| 25.4 | freetype (2.13.3) | Not Affected | Code Not Present | 2.13.3 does not match CVE configuration. |
| 25.3 | freetype (2.13.3) | Not Affected | Code Not Present | 2.13.3 does not match CVE configuration. |
| 25.2 | freetype (2.13.3) | Not Affected | Code Not Present | 2.13.3 does not match CVE configuration. |
| 25.1.1 | freetype (2.13.3) | Not Affected | Code Not Present | 2.13.3 does not match CVE configuration. |
| 25.1 | freetype (2.6.5) | Not Affected | Code Not Present | 2.6.5 does not match CVE configuration. |
| 24.4 | freetype (2.6.5) | Not Affected | Code Not Present | 2.6.5 does not match CVE configuration. |
| 24.4.0 | freetype (2.6.5) | Not Affected | Code Not Present | 2.6.5 does not match CVE configuration. |
| 24.3 | freetype (2.6.5) | Not Affected | Code Not Present | 2.6.5 does not match CVE configuration. |
| 24.2.1 | freetype (2.6.5) | Not Affected | Code Not Present | 2.6.5 does not match CVE configuration. |
| 24.2 | freetype (2.6.5) | Not Affected | Code Not Present | 2.6.5 does not match CVE configuration. |
| 24.1 | freetype (2.6.5) | Not Affected | Code Not Present | 2.6.5 does not match CVE configuration. |
| 23.3 | freetype (2.6.5) | Not Affected | Code Not Present | 2.6.5 does not match CVE configuration. |
| 23.2.1 | freetype (2.6.5) | Not Affected | Code Not Present | 2.6.5 does not match CVE configuration. |
| 23.2 | freetype (2.6.5) | Not Affected | Code Not Present | 2.6.5 does not match CVE configuration. |
| 23.1 | freetype (2.6.5) | Not Affected | Code Not Present | 2.6.5 does not match CVE configuration. |
| 22.4 | freetype (2.6.5) | Not Affected | Code Not Present | 2.6.5 does not match CVE configuration. |
| 22.3 | freetype (2.6.5) | Not Affected | Code Not Present | 2.6.5 does not match CVE configuration. |
| 22.2 | freetype (2.6.5) | Not Affected | Code Not Present | 2.6.5 does not match CVE configuration. |
| 22.1 | freetype (2.6.5) | Not Affected | Code Not Present | 2.6.5 does not match CVE configuration. |
| 21.11.1 | freetype (2.6.5) | Not Affected | Code Not Present | 2.6.5 does not match CVE configuration. |
| 21.11 | freetype (2.6.5) | Not Affected | Code Not Present | 2.6.5 does not match CVE configuration. |
| 21.8.1 | freetype (2.6.5) | Not Affected | Code Not Present | 2.6.5 does not match CVE configuration. |
| 21.8 | freetype (2.6.5) | Not Affected | Code Not Present | 2.6.5 does not match CVE configuration. |
Severity score breakdown
Attack Complexity
LOW
Attack Vector
LOCAL
Availability Impact
LOW
Base Score
4
Base Severity
MEDIUM
Confidentiality Impact
NONE
Integrity Impact
NONE
Privileges Required
NONE
Scope
UNCHANGED
User Interaction
NONE
Vector String
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Version
3.1