FreeType 2.8.1 has a signed integer overflow in cf2_doFlex in cff/cf2intrp.c.Referenceshttps://gitlab.freedesktop.org/freetype/freetype/-/issues/1312https://security-tracker.debian.org/tracker/CVE-2025-23022